A new group of cyber mercenaries targets businesses, journalists — including some in Russia

Trend Micro said on Wednesday it has discovered a new Russian-language cyber mercenary group that has been going after targets ranging from Russian businesses to journalists and politicians. Researchers discovered the group after a long-time target of Pawn Storm, a hacking group connected to Russian intelligence, also known as Fancy Bear and APT28, said in March of 2020 that hackers had targeted his wife with phishing emails. Trend Micro found that the indicators didn’t match Pawn Storm, and attributed the attacks to another Russian-language group it named Void Balaur. Unlike APT28, Void Balaur appears to be an independent group willing to hack into the emails of targets ranging from aviation companies in Russia to human rights activists in Uzbekistan, according to Trend Micro. “Their targets are really a mixed bag,” lead researcher Feike Hacquebord said in an interview. “It looks like a lot of different customers are using them and […]

The post A new group of cyber mercenaries targets businesses, journalists — including some in Russia appeared first on CyberScoop.


When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work

While the cybersecurity industry marvels at the sophistication of the suspected Russian hackers who breached contractor SolarWinds and multiple federal agencies, another set of alleged Russian operatives continues to succeed with far less advanced techniques in their espionage campaigns. Fancy Bear, the hacking group linked with Russia’s GRU military intelligence agency, is showing a penchant for using blunt digital instruments to break into computers and try to steal data, according to analysts. It’s an example of how so-called advanced persistent threats don’t actually need advanced tools to accomplish their goals. Instead, they often rely on defensive weaknesses that plague the internet. “It looks like this is all part of a strategy: commit crude and aggressive attacks on infrastructure worldwide,” said Feike Hacquebord, a researcher at security firm Trend Micro. The hacking campaign involving tampered SolarWinds software, which the Washington Post has linked to another Russian intelligence service, the SVR, used […]

The post When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work appeared first on CyberScoop.


Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

The Russia-linked threat group is harvesting credentials for Microsoft’s cloud offering, and targeting mainly election-related organizations.

Russia, China, Iran Meddle in 2020 Election (Unsurprisingly)

It comes as no surprise to hear that Russia is up to its old tricks. China and Iran are also in on the game.
The post Russia, China, Iran Meddle in 2020 Election (Unsurprisingly) appeared first on Security Boulevard.

Drovorub: Russia Pushing Invisible Malware, say NSA and FBI

Fancy Bear is at it again. This time, it’s said to be infecting Linux machines with Drovorub—rootkit malware that’s very hard to detect.
The post Drovorub: Russia Pushing Invisible Malware, say NSA and FBI appeared first on Security Boulevard.

Russia’s GRU Military Unit Behind Previously Unknown Linux Malware, NSA Says

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have revealed the existence of a new piece of malware named Drovorub, most likely developed by a military unit of the Russian General Staff Main Intelligence Directorate (…

NSA, FBI publicize hacking tool linked to Russian military intelligence

The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations. Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report. The hackers, also known as APT28 or Fancy Bear, allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities. The Russian military agency is also known as the GRU. While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election. “Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System […]

The post NSA, FBI publicize hacking tool linked to Russian military intelligence appeared first on CyberScoop.


Russian hackers using stolen corporate email accounts to mask their phishing attempts

Hackers working for Russian military intelligence have long relied on zero-days and malware to target their victims, but in the last year they’ve kept it simple — using previously hacked email accounts to send a wide array of phishing attempts, according to new research from security firm Trend Micro. Since at least May of last year, the group known as Fancy Bear, APT28, or Pawn Storm, has used hacked email accounts belonging to high-profile personnel working at defense firms in the Middle East to carry out the operation, according to Feike Hacquebord, a senior threat researcher at Trend Micro. “The actor connects to a dedicated server using the OpenVPN option of a commercial VPN provider and then uses compromised email credentials to send out credential spam via a commercial email service provider,” Hacquebord writes in the research. The group, which the U.S. Department of Justice linked with Russia’s Main Intelligence Directorate […]

The post Russian hackers using stolen corporate email accounts to mask their phishing attempts appeared first on CyberScoop.


Austria Repels Foreign State-Sponsored Attempt to Hack Foreign Ministry

Austria’s Foreign Ministry fought off a cyberattack over the weekend that it says was likely directed by a foreign state. The ministry said the attack started on Jan. 4 and might continue for a few more days, but it revealed few further details. …