APT28-linked trojan being developed in multiple programming languages, research shows

An elite Russia-linked hacking group is creating multiple versions of one of its go-to malicious tools in an apparent attempt to make its activity harder to detect, according to research published Tuesday by Palo Alto Networks. The company’s Unit 42 threat intelligence team says that the hacker group Sofacy, also known as APT28, Fancy Bear and many other names, has been spotted using a version of the Zebrocy trojan written in the “Go” programming language in multiple phishing campaigns. The findings add to a list of Zebrocy variants written in different types of code. Researchers and Western governments have largely attributed APT28 to Russian intelligence services. “The use of a different programming language to create a functionally similar Trojan is not new to this group, as past Zebrocy variants have been developed in AutoIt, Delphi, VB.NET, C# and Visual C++,” the researchers wrote. “While we cannot be certain the impetus for this, […]

Accenture: Russian hackers using Brexit talks to disguise phishing lures

A notorious Russian hacking group tried to exploit the latest flurry of Brexit-related news to spread malware to unsuspecting victims, according to a report from Accenture released Thursday. APT28, which Accenture refers to as SNAKEMACKEREL, used a malware-laced Microsoft Word document that appeared to be about the United Kingdom’s planned separation from the European Union to try breaching a wide variety of targets’ systems, researchers said. APT28 is widely believed to be the product of Russian intelligence services. Also known as Fancy Bear, Pawn Storm and other names, it’s the same group researchers have blamed for the 2016 breach of the Democratic National Committee, for leaks relating to the 2018 Winter Olympics and for the targeting of various government, political, critical infrastructure and other organizations. “Based on observed targeting by this threat group over the past few years, we assess with moderate confidence that they are likely to have targeted government, politics, think tanks and defense organizations in […]

APT28 Pulls Out New Malware Cannon

The notorious Russian cyberespionage group known as APT28, Fancy Bear and Sofacy is targeting government organizations using a new Trojan program called Cannon. Researchers from Palo Alto Networks detected new spear-phishing campaigns from APT28 at th…

Russian APT activity is resurgent, researchers say

Cybersecurity researchers have detected new spearphishing and malicious-email campaigns associated with two Russian-government-linked hacking groups known for breaching the Democratic National Committee in 2016. One campaign spotted by Palo Alto Networks featured a wave of malicious documents targeting government organizations in Europe, North America, and an unnamed former Soviet state. The documents, which researchers intercepted in late October and early November, included a variant of the Zebrocy Trojan that sends screenshots of a victim’s network back to a command-and-control server. Unit 42, Palo Alto Networks’ intelligence team, tied the malicious-email campaign to the Sofacy Group, a Russian hacking outfit also known as APT28 and Fancy Bear, which has deployed Zebrocy. Meanwhile, FireEye researchers on Monday published details on a spearphishing offensive that had technical similarities with a 2016 campaign from the APT29 Russian hacking group. Western governments have attributed APT28 and APT29 to different parts of Russia’s intelligence services. The campaign tracked by FireEye sent malicious […]

Russian Hacker Group APT28 Used UEFI Rootkit on Select Targets

Security researchers have found malicious versions of the LoJack anti-theft software on computers belonging to government agencies from the Balkans and Central and Eastern Europe. They attribute the attacks to a notorious Russian cyberespionage gr…

Russians’ stealthy ‘LoJax’ malware can infect on the firmware level

Researchers with cybersecurity company ESET have discovered a malware campaign that is able to compromise a device’s firmware component, which they say in a report published Thursday is the first known instance of such an attack in the wild. ESET says that it found attributes in the malware that link it to the prominent Russian hacking group APT28. The malware, dubbed LoJax, can “serve as a key to the whole computer” by infecting the Unified Extensible Firmware Interface (UEFI) of a device, according to the report. ESET explains that firmware rootkits like LoJax have in the past been demonstrated in theory and are suspected to be in use by some governments, but haven’t been observed in the wild. This kind of malware is hard to detect and has advanced persistence properties, as it’s able to survive a complete operating system reinstall and even a hard drive replacement. If LoJax sounds […]

Fancy Bear’s VPNfilter malware is back with 7 new modules

By Waqas
Cisco’s Talos researchers have identified that Russia’s VPNfilter is way more dangerous than it is believed to be. The malware, which prompted the FBI to urge people to reboot their internet routers, contains seven additional third-stage modul…