Friday, June 14, 2024

APT28 Hacking Group’s New Espionage Operations Targets Military and Government Organizations

Researchers uncovered new an Espionage Operations by an APT28 hacking group that targets Military and Government Organizations to exfiltrate the highly sensitive data.

APT28 has involved various cybercrime activities since 2007, but its public attention was started in 2016 since then they are involving very sophisticated cyber attack around the world.

APT28 also called as Fancy Bear, Sofacy Group, Sednit who is associated with the Russian military intelligence agency.

This cyber Espionage group was responsible for political targets against members of the Democratic National Committee (DNC).

They ware targeted via a malicious email campaign to trick recipients into supposedly changing their email passwords on a fake webmail domain.

Later they have accessed trick recipients into supposedly changing their email passwords on a fake webmail domain using stolen credentials to steal sensitive data and leaked it online.

APT28 hacking group

2017 and 2018 Activities – The APT28 Hacking Group

APT28 activities later continuing their operation in 2017 and 2018 with more sophisticated attacks with the ultimate motivation of intelligence gathering and targeting different organization.

  • A well-known international organization
  • Military targets in Europe
  • Governments in Europe
  • A government of a South American country
  • An embassy belonging to an Eastern European country

This group actively attack using a malware called Sofacy for various targets which contain two primary component,

  • Trojan.Sofacy  –  Basic reconnaissance on an infected computer and drop another malware.
  •  Backdoor.SofacyX – It is another malware using to steal the data from the infected computer.

According to Symantec, APT28 has continued to develop its tools over the past two years. For example, Trojan.Shunnael (aka X-Tunnel), malware used to maintain access to infected networks using an encrypted tunnel, underwent a rewrite to .NET.

Link with Earworm Espionage Operations

Researchers believe that APT28 might have a link with another cybercrime group called Earworm (aka Zebrocy).

Earworm actively attacking since 2016 and perform intelligence gathering operations against military targets in Europe, Central Asia, and Eastern Asia.

They are using  two different following malware component to infiltrate the target network,

  •  Trojan.Zekapab – capable of carrying out basic reconnaissance functions and downloading additional malware
  •  Backdoor.Zekapab – Taking screenshots, executing files and commands, uploading and downloading files, performing registry and file system operations

It is now clear that after being implicated in the U.S. presidential election attacks in late 2016, APT28 was undeterred by the resulting publicity and continues to mount further attacks using its existing tools, Symantec said.

Related Read

Hackers Offering Less than $150 to Hack Corporate Email Accounts – 12.5 Million Email Archive Files are Exposed

Hackers Selling Facebook Account Logins Details On Dark Web For $3

Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles