Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. “The campaign sent emails with content intended to arouse the recipient’s interest and persuade him to click on the link,” the computer emergency response team, CERT Polska, said in a Wednesday bulletin. Clicking on […]

APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme

The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. “The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents […]

Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron […]

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims’ accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely tracked under the monikers APT28, […]

APT28 Targets Ukrainian Government Entities with Fake “Windows Update” Emails

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with […]

Microsoft Disrupted APT28 Domains Used by Russian Spies to Target Ukraine

In an attempt to dismantle the infrastructure used to launch attacks against Ukrainian targets, Microsoft has taken down seven domain names used by the Russian hacking group APT28. All of these domains were used by Strontium (aka Fancy Bear and APT28) to target multiple Ukrainian institutions, including media outlets, and this […]

APT28 Hacks LoJack Software and Antivirus Cannot Detect It

Recently, researchers found modified versions of the legitimate LoJack software that appear to have been secretly altered to give attackers a foothold inside the companies that use the service. Information security experts noted that the domains found within the tampered LoJack samples have previously been linked to other operations carried out by APT28, a cyber-espionage group […]

Cracking APT28 traffic in a few seconds

Researchers at the security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly attributed to this group is the one against the campaign of French presidential candidate Emmanuel Macron. Incident response to this Advanced […]

Kremlin-backed APT28 doesn’t even bother hiding its attacks, says Finnish secret police

Supo: Espionage rising, attacks on infrastructure falling. The Finnish Security Intelligence Service Supo is complaining that nation-state-level attackers aren’t even bothering to hide themselves from prying eyes. That news comes in the agency’s review of intelligence activity in 2016. The major trends in cyber-intelligence Supo highlights in the report are increasing attacks against […]

OS X devices targeted by APT28 group with new Trojan called Komplex

APT28 is a Russian hacking group that was previously blamed for hacking WADA and DNC servers. The group behind the infamous DNC and World Anti-Doping Agency (WADA) intrusions, and other such operations targeting sensitive Western military and governmental entities, is at it again. This time, they are using Komplex, a relatively new Trojan that […]