Sofacy – Page 2 – WindowsTechs.com

The APT Name Game: How Grim Threat Actors Get Goofy Monikers

Posted on February 5, 2019 by Tara Seals

How do advanced persistent threat groups such as Double Secret Octopus and Anchor Panda get their ridiculous names? Continue reading The APT Name Game: How Grim Threat Actors Get Goofy Monikers→

Two suspected Russian hacking groups share tools and techniques, Kaspersky says

Posted on January 24, 2019 by Jeff Stone

Multiple groups of suspected Russian hackers have a relationship with one another that includes sharing malicious software code and hacking techniques, according to new research. The Moscow-based security vendor Kaspersky Lab on Thursday released findings tying the espionage group GreyEnergy with Zebrocy. Zebrocy is the name researchers have given to a group affiliated with suspected Russian military hackers known as Sofacy (or Fancy Bear, or APT 28), the alleged perpetrator in the hacking the Democratic National Committee in 2016. Both groups used the same command-and-control servers — the infrastructure that allows hackers to maintain communications with compromised machines — to simultaneously to target the same organization, according to Kaspersky. They also sent similar phishing emails disguised as messages from the Ministry of the Republic of Kazakhstan within one week. Our research confirms #GreyEnergy and #Zebrocy shared the C2 server infrastructure and both targeted the same organization almost at the same time. It […]

The post Two suspected Russian hacking groups share tools and techniques, Kaspersky says appeared first on CyberScoop.

Continue reading Two suspected Russian hacking groups share tools and techniques, Kaspersky says→

GreyEnergy’s overlap with Zebrocy

Posted on January 24, 2019 by Kaspersky Lab ICS CERT

We have identified an overlap between GreyEnergy, which is believed to be a successor to BlackEnergy group, and a Sofacy subset called “Zebrocy”. Both used the same servers at the same time and targeted the same organization. Continue reading GreyEnergy’s overlap with Zebrocy→

A Zebrocy Go Downloader

Posted on January 11, 2019 by GReAT

The Sofacy subset we identify as “Zebrocy” continues to target Central Asian government related organizations, both in-country and remote locations, along with a new middle eastern diplomatic target. And, as predicted, they continue to build out their malware set with a variety of scripts and managed code. Continue reading A Zebrocy Go Downloader→

First-Ever UEFI Rootkit Tied to Sednit APT

Posted on December 28, 2018 by Tom Spring

Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild. Continue reading First-Ever UEFI Rootkit Tied to Sednit APT→

APT28-linked trojan being developed in multiple programming languages, research shows

Posted on December 18, 2018 by Zaid Shoorbajee

An elite Russia-linked hacking group is creating multiple versions of one of its go-to malicious tools in an apparent attempt to make its activity harder to detect, according to research published Tuesday by Palo Alto Networks. The company’s Unit42 threat intelligence team says that the hacker group Sofacy, also known as APT28, Fancy Bear and many other names, has been spotted using a version of the Zebrocy trojan written in the “Go” programming language in multiple phishing campaigns. The findings add to a list of Zebrocy variants written in different types of code. Researchers and Western governments have largely attributed APT28 to Russian intelligence services. “The use of a different programming language to create a functionally similar Trojan is not new to this group, as past Zebrocy variants have been developed in AutoIt, Delphi, VB.NET, C# and Visual C++,” the researchers wrote. “While we cannot be certain the impetus for this, […]

The post APT28-linked trojan being developed in multiple programming languages, research shows appeared first on CyberScoop.

Continue reading APT28-linked trojan being developed in multiple programming languages, research shows→

Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant

Posted on December 18, 2018 by Tara Seals

The group continues to evolve its custom malware in an effort to evade detection. Continue reading Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant→

APT review of the year

Posted on December 5, 2018 by Vicente Diaz

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer. Still, with the benefit of hindsight, let’s try to approach the problem from different angles to get a better understanding of what went on. Continue reading APT review of the year→

Czech Republic Blames Russia for Yearlong Email Breach

Posted on December 4, 2018 by Lucian Constantin

The Czech government’s Security Information Service (BIS) revealed in a report that hackers associated with the Russian government are responsible for an email breach, compromising the email system of the country’s Ministry of Foreign Affa… Continue reading Czech Republic Blames Russia for Yearlong Email Breach→

Kaspersky Security Bulletin 2018. Top security stories

Posted on December 3, 2018 by David Emm

All too often, both rely on manipulating human psychology as a way of compromising entire systems or individual computers. Increasingly, the devices targeted also include those that we don’t consider to be computers – from children’s toys to security cameras. Here is our annual round-up of major incidents and key trends from 2018 Continue reading Kaspersky Security Bulletin 2018. Top security stories→