APT29 – Page 5 – WindowsTechs.com

MITRE asks vendors to do more to detect stealthy hacks

Posted on May 1, 2019 by Sean Lyngaas

As hackers continue to use native programming tools to blend into target networks, Mitre Corp. is beginning to test vendors’ ability to detect those techniques. The federally-funded, not-for-profit organization announced Wednesday it would throw the stealthy tactics of an infamous hacking group, the Russian-government-linked APT29, at several threat-detection products. But the evaluation is about more than one set of adversaries. The “living off the land” techniques, such as hiding in PowerShell scripts, that will be tested are increasingly popular with a variety of hacking groups. “A lot of these techniques are going to be implemented in similar ways from different adversaries,” said Frank Duff, Mitre’s lead for evaluations that use the organization’s ATT&CK framework. “PowerShell monitoring is that next thing that everyone recognizes is absolutely necessary,” he added. Mitre’s last round of testing focused on advanced persistent threats, mimicking the tactics of APT3, a China-based group known for using internet-browser exploits. But […]

The post MITRE asks vendors to do more to detect stealthy hacks appeared first on CyberScoop.

Continue reading MITRE asks vendors to do more to detect stealthy hacks→

DNC officials say Russians unsuccessfully tried to hack them after 2018 midterms

Posted on January 18, 2019 by Sean Lyngaas

Hackers linked with the Russian government were likely behind an attempt to breach email accounts of Democratic National Committee officials just days after the 2018 midterm elections, the committee alleged late Thursday. Dozens of DNC officials were targeted with spearphishing emails on Nov. 14, eight days after the elections, the committee said in an updated court filing that is part of its lawsuit against the Russian government. The DNC is the Democratic Party’s top governing body. In this particular incident, there was no breach of email accounts, the committee said. After the infamous 2016 Russian intrusions into the DNC computer network, the party has trained its staff rigorously in cybersecurity. Analysts have said Russian state-sponsored hacking activity has increased recently. The DNC declined to comment beyond the court filing. “The content of these emails and their timestamps were consistent with a spearphishing campaign that leading cybersecurity experts have tied to Russian intelligence,” the court […]

The post DNC officials say Russians unsuccessfully tried to hack them after 2018 midterms appeared first on CyberScoop.

Continue reading DNC officials say Russians unsuccessfully tried to hack them after 2018 midterms→

Czech Republic Blames Russia for Yearlong Email Breach

Posted on December 4, 2018 by Lucian Constantin

The Czech government’s Security Information Service (BIS) revealed in a report that hackers associated with the Russian government are responsible for an email breach, compromising the email system of the country’s Ministry of Foreign Affa… Continue reading Czech Republic Blames Russia for Yearlong Email Breach→

Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

Posted on December 3, 2018 by Windows Defender ATP

Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign. Our sensors revealed that the campaign prim… Continue reading Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers→

APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign

Posted on November 20, 2018 by Tara Seals

The group is best-known for hacking the DNC ahead of the 2016 presidential election. Continue reading APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign→

Russian APT activity is resurgent, researchers say

Posted on November 20, 2018 by Sean Lyngaas

Cybersecurity researchers have detected new spearphishing and malicious-email campaigns associated with two Russian-government-linked hacking groups known for breaching the Democratic National Committee in 2016. One campaign spotted by Palo Alto Networks featured a wave of malicious documents targeting government organizations in Europe, North America, and an unnamed former Soviet state. The documents, which researchers intercepted in late October and early November, included a variant of the Zebrocy Trojan that sends screenshots of a victim’s network back to a command-and-control server. Unit 42, Palo Alto Networks’ intelligence team, tied the malicious-email campaign to the Sofacy Group, a Russian hacking outfit also known as APT28 and Fancy Bear, which has deployed Zebrocy. Meanwhile, FireEye researchers on Monday published details on a spearphishing offensive that had technical similarities with a 2016 campaign from the APT29 Russian hacking group. Western governments have attributed APT28 and APT29 to different parts of Russia’s intelligence services. The campaign tracked by FireEye sent malicious […]

The post Russian APT activity is resurgent, researchers say appeared first on Cyberscoop.

Continue reading Russian APT activity is resurgent, researchers say→

Twittersploit Attack Leverages Dangerous Twitter Malware

Posted on August 6, 2018 by Martin Beltov

Security experts alerted of a dangerous new infection methodology known as the Twittersploit Attack. In the center of it all is the use of several malware instances that use the Twitter social network service as a C&C (command and control)…Read m… Continue reading Twittersploit Attack Leverages Dangerous Twitter Malware→

Someone Has Infected At Least 500,000 Routers All Over The World And No One Knows Why

Posted on May 23, 2018 by Lorenzo Franceschi-Bicchierai

But Ukraine’s government says it thinks that Russia will use “VPNFilter” to attack Saturday’s Champions League final. Continue reading Someone Has Infected At Least 500,000 Routers All Over The World And No One Knows Why→

Kaspersky exposes apparent Russian cyber-espionage operation amid U.S. criticism

Posted on August 30, 2017 by Chris Bing

In the face of allegations that Kaspersky Lab works hand-in-hand with Russian intelligence, the Moscow-based cybersecurity published a detailed report Wednesday exposing a complex and expansive cyber-espionage operation orchestrated by what appears to be a Russia-based hacking group. The research, authored by Kaspersky’s high-level GReAT team, reveals some of the techniques, processes and tools used by an attacker with similarities to two known hacking groups, Sofacy and Turla. Both of these groups are considered advanced persistent threats (APTs) and have been linked to the Russian government by U.S. cybersecurity firms CrowdStrike and FireEye. Kaspersky rarely attributes hacking groups to particular governments. This latest activity revealed by Kaspersky is codenamed “WhiteBear,” as it resembles but doesn’t match up entirely with known Sofacy or Turla operations. WhiteBear is likely a subgroup within or campaign of Turla group, the firm says. Based on a technical analysis by Kaspersky, WhiteBear’s recent activity appears to represent […]

The post Kaspersky exposes apparent Russian cyber-espionage operation amid U.S. criticism appeared first on Cyberscoop.

Continue reading Kaspersky exposes apparent Russian cyber-espionage operation amid U.S. criticism→

An old foe’s footprints muddle the mystery around group responsible for energy sector hacks

Posted on July 12, 2017 by Chris Bing

Though leading cybersecurity firms are closing in on the hackers responsible for a recent email phishing campaign and watering hole scheme designed to target U.S. energy companies, the available evidence points to an amorphous group that hasn’t been active for three years. It’s yet another mystery within an already complex case. The leading suspect behind this incident, according to cybersecurity experts and former U.S. intelligence officials, is a group associated with past operations tied to Russia. Known as “Energetic Bear,” “Koala Team” or “Crouching Yeti” to the information security community, the unit has a long history of targeting the energy sector and exploiting outdated vulnerabilities in Microsoft Word and Adobe Flash. “Koala Team is a prolific cyber espionage actor that has affected a comprehensive set of verticals using a combination of opportunistic and targeted tactics since at least 2011,” Cristiana Brafman Kittner, a senior analyst with U.S. cybersecurity firm FireEye, told CyberScoop. […]

The post An old foe’s footprints muddle the mystery around group responsible for energy sector hacks appeared first on Cyberscoop.

Continue reading An old foe’s footprints muddle the mystery around group responsible for energy sector hacks→