Researchers uncovered new espionage operations by the APT28 hacking group, which targets military and government organizations to exfiltrate highly sensitive data.
APT28 has been involved in various cybercrime activities since 2007, but it came to public attention in 2016; since then it has been involved in very sophisticated cyber attacks around the world.
APT28, also known as Fancy Bear, Sofacy Group, and Sednit, is associated with the Russian military intelligence agency.
This cyber espionage group was responsible for politically targeted attacks against members of the Democratic National Committee (DNC).
They were targeted via a malicious email campaign that tricked recipients into supposedly changing their email passwords on a fake webmail domain.
Later, the attackers used the stolen credentials to gain access, steal sensitive data, and leak it online.
APT28 continued its operations in 2017 and 2018 with more sophisticated attacks, targeting different organizations with the ultimate motivation of intelligence gathering.
The group actively attacks various targets using malware called Sofacy, which contains two primary components,
According to Symantec, APT28 has continued to develop its tools over the past two years. For example, Trojan.Shunnael (aka X-Tunnel), malware used to maintain access to infected networks using an encrypted tunnel, underwent a rewrite to .NET.
Researchers believe that APT28 might have a link with another cybercrime group called Earworm (aka Zebrocy).
Earworm has been actively attacking since 2016 and performs intelligence gathering operations against military targets in Europe, Central Asia, and Eastern Asia.
They use the following two malware components to infiltrate the target network,
It is now clear that after being implicated in the U.S. presidential election attacks in late 2016, APT28 was undeterred by the resulting publicity and continues to mount further attacks using its existing tools, Symantec said.