Collaborate Disseminate
The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q3 2019. Continue reading APT trends report Q3 2019
After adapting their code, a group of Russian-government-linked hackers last month launched a phishing campaign against embassies and foreign affairs ministries of countries in Eastern Europe and Central Asia, researchers said Tuesday. The hackers, dubbed Sednit by Slovakian cybersecurity company ESET, haven’t been too discreet in their attempts to breach the diplomatic organizations: No less than six malicious packages of code are dropped on the target computer before the payload is executed, ESET researchers said in a blog post. Each of those bursts of activity is an opportunity for the target organization to detect the hackers. The malware takes screenshots of target desktop computers. The end goal is dropping a malicious “backdoor” on the computer that allows the attackers persistent access. The hackers seem to be implementing their malicious code in various programming languages to try to avoid being detected, according to ESET. “It’s probably easier that way and it […]
The post Russian hackers go after diplomatic targets in Eastern Europe and Central Asia, researchers say appeared first on CyberScoop.
Researchers warn that the Russia-linked APT has freshened up their tools with an improved downloader and more. Continue reading Zebrocy Retools for New Political Attacks
The Russian-speaking APT acts as a support group for high-profile APTs like Sofacy and BlackEnergy. Continue reading Zebrocy: A Russian APT Specializing in Victim Profiling, Access
Zebrocy is Russian speaking APT that presents a strange set of stripes. Essentially, at our SAS2019 presentation, we publicly provided original insights on Zebrocy and their characteristics for the first time, based on five years of research and private reports on this group. Continue reading Zebrocy’s Multilanguage Malware Salad
Multiple groups of suspected Russian hackers have a relationship with one another that includes sharing malicious software code and hacking techniques, according to new research. The Moscow-based security vendor Kaspersky Lab on Thursday released findings tying the espionage group GreyEnergy with Zebrocy. Zebrocy is the name researchers have given to a group affiliated with suspected Russian military hackers known as Sofacy (or Fancy Bear, or APT 28), the alleged perpetrator in the hacking the Democratic National Committee in 2016. Both groups used the same command-and-control servers — the infrastructure that allows hackers to maintain communications with compromised machines — to simultaneously to target the same organization, according to Kaspersky. They also sent similar phishing emails disguised as messages from the Ministry of the Republic of Kazakhstan within one week. Our research confirms #GreyEnergy and #Zebrocy shared the C2 server infrastructure and both targeted the same organization almost at the same time. It […]
The post Two suspected Russian hacking groups share tools and techniques, Kaspersky says appeared first on CyberScoop.
Continue reading Two suspected Russian hacking groups share tools and techniques, Kaspersky says
An elite Russia-linked hacking group is creating multiple versions of one of its go-to malicious tools in an apparent attempt to make its activity harder to detect, according to research published Tuesday by Palo Alto Networks. The company’s Unit42 threat intelligence team says that the hacker group Sofacy, also known as APT28, Fancy Bear and many other names, has been spotted using a version of the Zebrocy trojan written in the “Go” programming language in multiple phishing campaigns. The findings add to a list of Zebrocy variants written in different types of code. Researchers and Western governments have largely attributed APT28 to Russian intelligence services. “The use of a different programming language to create a functionally similar Trojan is not new to this group, as past Zebrocy variants have been developed in AutoIt, Delphi, VB.NET, C# and Visual C++,” the researchers wrote. “While we cannot be certain the impetus for this, […]
The post APT28-linked trojan being developed in multiple programming languages, research shows appeared first on CyberScoop.
The group continues to evolve its custom malware in an effort to evade detection. Continue reading Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant
Over the past two years, the Russian cyberespionage group known as APT28, Sofacy or Fancy Bear, has been the focus of many press reports, threat analyses, Western intelligence investigations and, more recently, U.S. prosecution efforts. Yet despite al… Continue reading APT28 Gets the Spotlight, But Turla Remains Russia’s Elite Hacking Unit