Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

Attackers behind APT campaigns have kept busy in Q2 2017, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines.

An old foe’s footprints muddle the mystery around group responsible for energy sector hacks

Though leading cybersecurity firms are closing in on the hackers responsible for a recent email phishing campaign and watering hole scheme designed to target U.S. energy companies, the available evidence points to an amorphous group that hasn’t been active for three years. It’s yet another mystery within an already complex case. The leading suspect behind this incident, according to cybersecurity experts and former U.S. intelligence officials, is a group associated with past operations tied to Russia. Known as “Energetic Bear,” “Koala Team” or “Crouching Yeti” to the information security community, the unit has a long history of targeting the energy sector and exploiting outdated vulnerabilities in Microsoft Word and Adobe Flash. “Koala Team is a prolific cyber espionage actor that has affected a comprehensive set of verticals using a combination of opportunistic and targeted tactics since at least 2011,” Cristiana Brafman Kittner, a senior analyst with U.S. cybersecurity firm FireEye, told CyberScoop. […]

The post An old foe’s footprints muddle the mystery around group responsible for energy sector hacks appeared first on Cyberscoop.

Russian hacker group ‘CyberBerkut’ returns to public light with allegations against Clinton

A Twitter account tied to a group that the Defense Intelligence Agency recently described as “Russian hackers … supporting Russia’s military operations” returned to the spotlight Wednesday by posting a message that alleges multiple Ukrainian government officials are “sponsored” by Hillary Clinton. These allegations, a vague and loosely defined set of financial connections documented only in a single graphic, could not be confirmed. No other supporting documents were provided. An attempt to contact the group went unanswered.

Ukrainians sponsored Hillary Clinton with loans from the IMF https://t.co/qTMAF0hLud #CyberBerkut #USA #Ukraine pic.twitter.com/4nP3cZYjTL — CyberBerkut (@cyberberkut2) July 12, 2017 (translated from Russian)

The tweet posted Wednesday by this “CyberBerkut” group is the first such message posted publicly since January, when the account shared an image of a redacted email it claims revealed plans by the U.S. government to doctor evidence to suggest that Russian hackers had interfered in the 2016 U.S. election. “The U.S. plans to fabricate evidence of the involvement […]”

Russian hackers targeted 21 states before 2016 election, FBI still investigating

Government officials from the Department of Homeland Security and the Federal Bureau of Investigation said Wednesday that election officials and systems in a total of 21 states were targeted by Russian hackers in the months preceding the 2016 presidential election. “We have evidence of election-related systems in 21 states that were targeted,” said Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications at the DHS’s National Protection and Programs Directorate. The disclosure was made for the first time during a hearing held by the Senate Select Committee on Intelligence focused on Russian interference in the U.S. election. Manfra did not name the individual states that were targeted and did not explain what “targeted” meant in this context. She also did not say how many of the targeted states were ultimately hacked or whether, for example, any data was exfiltrated in these incidents. The “owners” of targeted […]

APT28 targeted Montenegro’s government before it joined NATO, researchers say

As Montenegro prepared to join NATO amid growing tensions in the region driven by Russia’s incursion into Ukraine, a hacking group linked to Russian intelligence was actively engaged in a cyber-espionage campaign against Montenegrin government officials, according to U.S. cybersecurity firm FireEye. The findings underscore Russia’s ongoing efforts to influence the political process in foreign countries through the use of a hacking group better known as APT28 or Fancy Bear. The Office of the Director of National Intelligence produced an unclassified report in January linking APT28 to the Russian government. Analyst Ben Read told CyberScoop that FireEye had found two different malicious Microsoft Word document attachments between January and February that carried signs of APT28 authorship and were specifically designed to be combined with phishing emails sent to Montenegro’s government. The titles of the weaponized documents described a “schedule for a european military transfer program” and the “schedule for […]

How phishing emails sent by Russian hackers produce propaganda

In late 2015, former Director of National Intelligence James Clapper famously warned of a future where adversaries will often “change or manipulate electronic information in order to compromise its integrity” rather than simply steal data. Since then, the world has watched the Kremlin carry out Clapper’s prediction, interfering in democratic processes around the world. A new report released Thursday, authored by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, documents how that has happened in practice. The research gives a new view on how hackers with suspected ties to the Russian government play a vital part in international disinformation campaigns aimed at discrediting enemies of the state and sowing discord. The report, “Tainted Leaks: Disinformation and Phishing With a Russian Nexus,” underscores how offensive cybersecurity operations have become a critical tool used by governments to weaponize information and affect public opinion. Hackers acting in […]

Russian hackers targeted Obama’s aides as early as 2007, and attempts continue, report says

Russia’s preeminent cyber-espionage group, known as APT28 or Fancy Bear, heavily targeted Barack Obama’s staff during the 2008 campaign, according to newly published research by U.S.-based cybersecurity firm Area 1 Security. The former president’s closest allies — including campaign staff, top aides and other senior U.S. officials — began receiving a barrage of phishing emails from Russian spies as far back as 2007, when he was still a U.S. senator. Some Obama associates continue to be targeted, Area 1 said. Ex-officials are still being sent phishing emails even though they left government years ago, a trend that shows the attackers’ persistence in trying to compromise assets. A blog post published Friday afternoon by Area 1 shows that associated phishing emails commonly employed subject lines like “just FYI,” “RFI,” “eFax,” or “Elections.” Several corresponding attachments were titled as “harvard-iop-fall-2016-poll[.]doc” and “37486-the-shocking-truth-about-election-rigging-in-america[.]rtf[.]lnk.” The evidence uncovered by Area 1, a firm founded by National Security Agency veterans, offers […]

Macron leaks contained phishing links to domains associated with APT28, researchers say

The hacked emails leaked last week from the campaign of French President-elect Emmanuel Macron contain phishing links pointing to domains associated with Fancy Bear, the hacking group also known as APT28 that has been linked to Russian intelligence agencies, according to the cybersecurity firm Flashpoint. “Flashpoint’s hypothesis [is] that the Macron leak was undertaken by Fancy Bear based on the contents of the dump itself, as well as the current and historic political environment in which this attack took place,” said Vitali Kremez, research director for Flashpoint. The same group was blamed for hacking Hillary Clinton’s campaign and the Democratic National Committee in 2016, and researchers have recently linked other high-profile phishing attempts to the group. “These domains were likely registered and deployed in the phishing emails in order to harvest the login credentials of Macron campaign personnel,” Kremez said. “These credentials could have provided hackers with the information needed to obtain the documents in the […]

Russia-linked hackers impersonate NATO in attempt to hack Romanian government

An elite hacking group linked to the Russian government masqueraded as a NATO representative to send a barrage of phishing emails to diplomatic organizations in Europe, including Romania’s Ministry of Foreign Affairs, documents show. CyberScoop obtained a copy of one such phishing email that researchers have attributed to the hacking group, which is known as APT28 or Fancy Bear. The email, which carries a booby-trapped attachment that leverages two recently disclosed Microsoft Word vulnerabilities, shows that the government-backed hacking group effectively spoofed a NATO email address to make the message appear authentic. The hq.nato.intl domain is currently used by NATO employees. The file has already been submitted to VirusTotal, a public service that scans submitted files with many antivirus engines and keeps a copy. Typically files don’t appear on the site unless they have been found in the wild. An analyst from cybersecurity firm FireEye confirmed the phishing email pictured above is in fact authentic and related to APT28 activity. […]
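Two of the lure properties described on this page are cheap to check at the mail gateway: an attachment whose name ends in a document extension followed by an executable one (the “…rtf[.]lnk” name from the Area 1 item) and a From address whose domain the sender does not control (the spoofed NATO address in the item above). The script below is an added example, not code from Cyberscoop or from any of the researchers cited. The sample message is constructed: every host, address and message ID in it is invented, except that the From domain reuses the hq.nato.intl string the article names and the Subject and attachment name reuse the lure patterns Area 1 reported. The From/Return-Path comparison is a heuristic stand-in for the SPF/DKIM alignment check DMARC performs, which needs DNS lookups and is not done here.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message. Hosts, addresses and the ESMTP id are invented; the From
# domain, Subject and attachment name are the lure patterns reported on this page.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example>
Received: from mx.mailer.example (mx.mailer.example [203.0.113.10])
  by mail.mfa.example with ESMTP id k7Q2x
From: "NATO HQ" <press@hq.nato.intl>
To: protocol@mfa.example
Subject: eFax
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find the schedule attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="37486-the-shocking-truth-about-election-rigging-in-america.rtf.lnk"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Extensions that execute or script something when double-clicked on Windows.
EXEC_EXTS = {"lnk", "exe", "scr", "js", "jse", "vbs", "vbe", "hta", "bat", "cmd", "ps1", "wsf"}
# Document extensions a recipient is primed to open; a lure hides an EXEC_EXT behind one.
DOC_EXTS = {"doc", "docx", "docm", "rtf", "pdf", "xls", "xlsx", "ppt", "pptx", "txt"}


def _domain(header_value):
    """Lower-cased domain part of an address header value, '' if absent or unparsable."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def sender_domains(msg):
    """(From header domain, Return-Path envelope domain) for a parsed message."""
    return _domain(msg.get("From")), _domain(msg.get("Return-Path"))


def from_return_path_mismatch(msg):
    """True when the displayed From domain differs from the bounce (envelope) domain.

    Heuristic only: forwarders and mailing lists cause the same mismatch legitimately,
    so treat a hit as a reason to look closer, not as proof of spoofing.
    """
    from_dom, rp_dom = sender_domains(msg)
    return bool(from_dom and rp_dom and from_dom != rp_dom)


def suspicious_attachment_names(msg):
    """Attachment names shaped like <anything>.<document ext>.<executable ext>."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        if len(pieces) >= 3 and pieces[-1] in EXEC_EXTS and pieces[-2] in DOC_EXTS:
            hits.append(name)
    return hits


def triage(raw_message):
    """Parse one raw RFC 5322 message and return a list of human-readable findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    if from_return_path_mismatch(msg):
        from_dom, rp_dom = sender_domains(msg)
        findings.append(f"From domain '{from_dom}' differs from Return-Path domain '{rp_dom}'")
    for name in suspicious_attachment_names(msg):
        findings.append(f"double-extension attachment '{name}'")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_EML):
        print("[!]", line)
```

Run as a script it prints both findings for the constructed sample. Note what the name check does not cover: the NATO lure itself was a Word document exploiting Word vulnerabilities, which looks like an ordinary .doc and passes this filter; catching that requires scanning or detonating the attachment, which is what the VirusTotal submission mentioned in the article provides.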
