Saturday, November 2, 2024
HomeComputer SecurityAPT28 Hacking Group Attacking Sporting Organizations Around the World Using Custom Malware

APT28 Hacking Group Attacking Sporting Organizations Around the World Using Custom Malware

Published on

Malware protection

Microsoft warns of cyberattacks targeting anti-doping authorities and sporting organizations around the world. The group active since 2004 and they target government, military, and security organizations.

According to the Microsoft report, more than 16 national and international sporting and anti-doping organizations were targeted since September 16th.

The group is attributed to the Russian government, the group has a practice of registering looks like legitimate domains associated with news, politics, or other websites.

- Advertisement - SIEM as a Service

Microsoft said some of the attacks were successful, but most of the attacks are not successful. The attack found similar to the previous attack on various organizations.

APT28 group uses various attack methods such as spear-phishing, password spray, exploiting internet-connected devices and open-source malware.

The group uses several malware to attack victim’s and their primary malware is called Sofacy, the malware uses two primary components.

Trojan.Sofacy – Basic reconnaissance on an infected computer and drop another malware.
Backdoor.SofacyX – It is another malware using to steal the data from the infected computer.

The group has a history of targeting such organizations, in 2016 & 2018 the group targets various sporting organizations and anti-doping officials. The group released the stolen medical records online.

As the world looks forward with anticipation of the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity, read Microsoft blog post.

The group was supported by many developers and they used to update their tools since 2007. the group employs RSA encryption to protect files and stolen information.

Microsoft also notified that all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling...

ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

Researchers have identified a new variant of the ClickFix fake browser update malware distributed...

IcePeony Hackers Exploiting Public Web Servers To Inject Webshells

IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and...