Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say

Multiple ongoing hacking efforts are either connected to or using the Russian military assault to target a wide range of entities.

The post Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say appeared first on CyberScoop.


Against backdrop of Russian-Ukraine war, researchers witness flurry of nation-aligned hacking

Hackers believed to be associated with the governments of Russia, Belarus and China are targeting Ukraine, Poland and European governments, researchers say, ranging from espionage attempts to phishing campaigns and coinciding with the intensification of the Russian assault on Ukraine. Shane Huntley, the director of Google’s Threat Analysis Group (TAG), said in a blog post Monday that the group has observed well-known Russian military hacking group Fancy Bear (also known as APT28) conducting several large credential phishing campaigns targeting UkrNet, a Ukrainian media company. Two recent campaigns, he said, involved newly created Blogspot domains as initial landing pages, which then redirected targets to credential phishing pages. TAG also observed a hacking operation known as Ghostwriter, or UNC1151, running credential phishing campaigns over the past week against Polish and Ukrainian government and military organizations. Ghostwriter refers to activity believed to be operating out of Belarus, researchers with cybersecurity firm Mandiant reported […]

The post Against backdrop of Russian-Ukraine war, researchers witness flurry of nation-aligned hacking appeared first on CyberScoop.


A new group of cyber mercenaries targets businesses, journalists — including some in Russia

Trend Micro said on Wednesday it has discovered a new Russian-language cyber mercenary group that has been going after targets ranging from Russian businesses to journalists and politicians. Researchers discovered the group after a long-time target of Pawn Storm, a hacking group connected to Russian intelligence, also known as Fancy Bear and APT28, said in March of 2020 that hackers targeted his wife with phishing emails. Trend Micro found that the indicators didn’t match Pawn Storm, and attributed the attacks to another Russian-language group it named Void Balaur. Unlike APT28, Void Balaur appears to be an independent group willing to hack into the emails of targets as diverse as aviation companies in Russia to human rights activists in Uzbekistan, according to Trend Micro. “Their targets are really a mixed bag,” lead researcher Feike Hacquebord said in an interview. “It looks like a lot of different customers are using them and […]

The post A new group of cyber mercenaries targets businesses, journalists — including some in Russia appeared first on CyberScoop.


When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work

While the cybersecurity industry marvels at the sophistication of the suspected Russian hackers who breached contractor SolarWinds and multiple federal agencies, another set of alleged Russian operatives continues to succeed with far less advanced techniques in their espionage campaigns. Fancy Bear, the hacking group linked with Russia’s GRU military intelligence agency, is showing a penchant for using blunt digital instruments to break into computers and try to steal data, according to analysts. It’s an example of how so-called advanced persistent threats don’t actually need advanced tools to accomplish their goals. Instead, they often rely on defensive weaknesses that plague the internet. “It looks like this is all part of a strategy: commit crude and aggressive attacks on infrastructure worldwide,” said Feike Hacquebord, a researcher at security firm Trend Micro. The hacking campaign involving tampered SolarWinds software, which the Washington Post has linked to another Russian intelligence service, the SVR, used […]

The post When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work appeared first on CyberScoop.


Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

The Russia-linked threat group is harvesting credentials for Microsoft’s cloud offering, and targeting mainly election-related organizations.

Russia, China, Iran Meddle in 2020 Election (Unsurprisingly)

It comes as no surprise to hear that Russia is up to its old tricks. China and Iran are also in on the game.
The post Russia, China, Iran Meddle in 2020 Election (Unsurprisingly) appeared first on Security Boulevard.

Drovorub: Russia Pushing Invisible Malware, say NSA and FBI

Fancy Bear is at it again. This time, it’s said to be infecting Linux machines with Drovorub—rootkit malware that’s very hard to detect.
The post Drovorub: Russia Pushing Invisible Malware, say NSA and FBI appeared first on Security Boulevard.

Russia’s GRU Military Unit Behind Previously Unknown Linux Malware, NSA Says

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have revealed the existence of a new piece of malware named Drovorub, most likely developed by a military unit of the Russian General Staff Main Intelligence Directorate (…

NSA, FBI publicize hacking tool linked to Russian military intelligence

The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations. Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report. The hackers, also known as APT28 or Fancy Bear, allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities. The Russian military agency is also known as the GRU. While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election. “Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System […]

The post NSA, FBI publicize hacking tool linked to Russian military intelligence appeared first on CyberScoop.
