APT28 – Page 5 – WindowsTechs.com

Czech Republic Blames Russia for Yearlong Email Breach

Posted on December 4, 2018 by Lucian Constantin

The Czech government’s Security Information Service (BIS) revealed in a report that hackers associated with the Russian government are responsible for an email breach, compromising the email system of the country’s Ministry of Foreign Affa… Continue reading Czech Republic Blames Russia for Yearlong Email Breach→

Accenture: Russian hackers using Brexit talks to disguise phishing lures

Posted on November 29, 2018 by Zaid Shoorbajee

A notorious Russian hacking group tried to exploit the latest flurry of Brexit-related news to spread malware to unsuspecting victims, according to a report from Accenture released Thursday. APT28, which Accenture refers to as SNAKEMACKEREL, used a malware-laced Microsoft Word document that appeared to be about the United Kingdom’s planned separation from the European Union to try breaching a wide variety of targets’ systems, researchers said. APT28 is widely believed to be the product of Russian intelligence services. Also known as Fancy Bear, Pawn Storm and other names, its the same group researchers have blamed for the 2016 breach on the Democratic National Committee, for leaks relating to the 2018 Winter Olympics and for the targeting of various government, political, critical infrastructure and other organizations. “Based on observed targeting by this threat group over the past few years, we assess with moderate confidence that they are likely to have targeted government, politics, think tanks and defense organizations in […]

The post Accenture: Russian hackers using Brexit talks to disguise phishing lures appeared first on Cyberscoop.

Continue reading Accenture: Russian hackers using Brexit talks to disguise phishing lures→

APT28 Pulls Out New Malware Cannon

Posted on November 21, 2018 by Lucian Constantin

The notorious Russian cyberespionage group known as APT28, Fancy Bear and Sofacy is targeting government organizations using a new Trojan program called Cannon. Researchers from Palo Alto Networks detected new spear-phishing campaigns from APT28 at th… Continue reading APT28 Pulls Out New Malware Cannon→

Russian APT activity is resurgent, researchers say

Posted on November 20, 2018 by Sean Lyngaas

Cybersecurity researchers have detected new spearphishing and malicious-email campaigns associated with two Russian-government-linked hacking groups known for breaching the Democratic National Committee in 2016. One campaign spotted by Palo Alto Networks featured a wave of malicious documents targeting government organizations in Europe, North America, and an unnamed former Soviet state. The documents, which researchers intercepted in late October and early November, included a variant of the Zebrocy Trojan that sends screenshots of a victim’s network back to a command-and-control server. Unit 42, Palo Alto Networks’ intelligence team, tied the malicious-email campaign to the Sofacy Group, a Russian hacking outfit also known as APT28 and Fancy Bear, which has deployed Zebrocy. Meanwhile, FireEye researchers on Monday published details on a spearphishing offensive that had technical similarities with a 2016 campaign from the APT29 Russian hacking group. Western governments have attributed APT28 and APT29 to different parts of Russia’s intelligence services. The campaign tracked by FireEye sent malicious […]

The post Russian APT activity is resurgent, researchers say appeared first on Cyberscoop.

Continue reading Russian APT activity is resurgent, researchers say→

The US Military Just Publicly Dumped Russian Government Malware Online

Posted on November 9, 2018 by Joseph Cox

US Cyber Command, a part of the military tasked with hacking and cybersecurity operations, says it is releasing malware samples as an information sharing effort. Continue reading The US Military Just Publicly Dumped Russian Government Malware Online→

FIFA, hacked again, is leaking like a sieve

Posted on November 5, 2018 by Lisa Vaas

Football shockers started to flow on Friday, after journalists analyzed more than 70m exfiltrated documents, totaling 3.4 terabytes of data. Continue reading FIFA, hacked again, is leaking like a sieve→

Cyber Security Roundup for October 2018

Posted on October 31, 2018 by Dave Whitelegg

Aside from Brexit, Cyber Threats and Cyber Attack accusations against Russia are very much on the centre stage of UK government’s international political agenda at the moment. The government publically accused Russia’s military ‘GRU’ intelligence … Continue reading Cyber Security Roundup for October 2018→

Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid

Posted on October 17, 2018 by Sean Lyngaas

Ever since the seminal cyberattacks on the Ukrainian power grid in 2015 and 2016, researchers have traced the evolution of the broad set of hackers behind the attacks in an effort to warn organizations the hackers might strike next. On Wednesday, analysts from cybersecurity company ESET added to that body of knowledge in revealing a quieter subgroup of those hackers that has targeted energy companies in Ukraine and Poland. ESET has dubbed the group GreyEnergy, a derivative of the original group of hackers, which have been known as BlackEnergy. Whereas BlackEnergy is known for the disruptive 2015 attack on the Ukrainian grid that cut power for roughly 225,000 people, GreyEnergy has to date preferred reconnaissance and espionage, according to ESET. The group has taken screenshots of its possible targets, stolen credentials, and exfiltrated files. “Clearly, they want to fly under the radar,” said Anton Cherepanov, the company’s lead researcher on […]

The post Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid appeared first on Cyberscoop.

Continue reading Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid→

Researchers link tools used in NotPetya and Ukraine grid hacks

Posted on October 11, 2018 by Sean Lyngaas

New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments say are sponsored by the Russian government. Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence of that link, citing a pattern of “backdoors” — or tools for remote access — used by the hackers. In April, ESET researchers found that the group, which they dub TeleBots, was trying to set up a new backdoor. ESET says this backdoor, known as Win32/Exaramel, is an “improved version” of the“Industroyer” backdoor used in the 2016 attack on the Ukrainian power sector, which knocked out at electrical substation outside of Kiev. The 2015 attack on Ukrainian grid, using the group’s custom BlackEnergy malware, cut power for […]

The post Researchers link tools used in NotPetya and Ukraine grid hacks appeared first on Cyberscoop.

Continue reading Researchers link tools used in NotPetya and Ukraine grid hacks→

APT28 Gets the Spotlight, But Turla Remains Russia’s Elite Hacking Unit

Posted on October 8, 2018 by Lucian Constantin

Over the past two years, the Russian cyberespionage group known as APT28, Sofacy or Fancy Bear, has been the focus of many press reports, threat analyses, Western intelligence investigations and, more recently, U.S. prosecution efforts. Yet despite al… Continue reading APT28 Gets the Spotlight, But Turla Remains Russia’s Elite Hacking Unit→