Monday, November 25, 2024
HomeCyber AttackAPT28 Hacking Group's New Espionage Operations Targets Military and Government Organizations

APT28 Hacking Group’s New Espionage Operations Targets Military and Government Organizations

Published on

Researchers uncovered new an Espionage Operations by an APT28 hacking group that targets Military and Government Organizations to exfiltrate the highly sensitive data.

APT28 has involved various cybercrime activities since 2007, but its public attention was started in 2016 since then they are involving very sophisticated cyber attack around the world.

APT28 also called as Fancy Bear, Sofacy Group, Sednit who is associated with the Russian military intelligence agency.

- Advertisement - SIEM as a Service

This cyber Espionage group was responsible for political targets against members of the Democratic National Committee (DNC).

They ware targeted via a malicious email campaign to trick recipients into supposedly changing their email passwords on a fake webmail domain.

Later they have accessed trick recipients into supposedly changing their email passwords on a fake webmail domain using stolen credentials to steal sensitive data and leaked it online.

APT28 hacking group

2017 and 2018 Activities – The APT28 Hacking Group

APT28 activities later continuing their operation in 2017 and 2018 with more sophisticated attacks with the ultimate motivation of intelligence gathering and targeting different organization.

  • A well-known international organization
  • Military targets in Europe
  • Governments in Europe
  • A government of a South American country
  • An embassy belonging to an Eastern European country

This group actively attack using a malware called Sofacy for various targets which contain two primary component,

  • . Trojan.Sofacy  –  Basic reconnaissance on an infected computer and drop another malware.
  •  Backdoor.SofacyX – It is another malware using to steal the data from the infected computer.

According to Symantec, APT28 has continued to develop its tools over the past two years. For example, Trojan.Shunnael (aka X-Tunnel), malware used to maintain access to infected networks using an encrypted tunnel, underwent a rewrite to .NET.

Link with Earworm Espionage Operations

Researchers believe that APT28 might have a link with another cybercrime group called Earworm (aka Zebrocy).

Earworm actively attacking since 2016 and perform intelligence gathering operations against military targets in Europe, Central Asia, and Eastern Asia.

They are using  two different following malware component to infiltrate the target network,

  •  Trojan.Zekapab – capable of carrying out basic reconnaissance functions and downloading additional malware
  •  Backdoor.Zekapab – Taking screenshots, executing files and commands, uploading and downloading files, performing registry and file system operations

It is now clear that after being implicated in the U.S. presidential election attacks in late 2016, APT28 was undeterred by the resulting publicity and continues to mount further attacks using its existing tools, Symantec said.

Related Read

Hackers Offering Less than $150 to Hack Corporate Email Accounts – 12.5 Million Email Archive Files are Exposed

Hackers Selling Facebook Account Logins Details On Dark Web For $3

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...