APT28

Pierluigi Paganini April 12, 2019
APT28 and Upcoming Elections: evidence of possible interference

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. Is it related to APT28 and the upcoming elections? Introduction: In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. This file was uncommon; it seemed carefully prepared and spoke about who is leading in the elections […]

Pierluigi Paganini January 30, 2019
Sofacy’s Zepakab Downloader Spotted In-The-Wild

In recent weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign leveraging the Zepakab Downloader. In recent weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign discovered in January 2019. The sample was initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further […]

Pierluigi Paganini December 14, 2018
New Sofacy campaign aims at Government agencies across the world

Security experts at Palo Alto Networks uncovered a new espionage campaign carried out by the Russia-linked APT group Sofacy. The Russian cyber espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) carried out a new cyber campaign aimed at government agencies on four continents in an attempt to infect them with malware. The campaign has been focusing on Ukraine and NATO […]

Pierluigi Paganini December 04, 2018
Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

The Russia-linked cyber-espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) used BREXIT lures in recent attacks. The APT group used Brexit-themed bait documents on the same day the UK Prime Minister Theresa May announced the initial BREXIT draft agreement with the European Union (EU). “As the United Kingdom (UK) Prime Minister Theresa May announced the initial BREXIT draft agreement […]

Pierluigi Paganini November 21, 2018
Sofacy APT group used a new tool in latest attacks, the Cannon

The Sofacy APT group (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and a former USSR state. Experts at Palo Alto Networks spotted a new campaign in late October and early November; the spear-phishing messages used Word […]

Pierluigi Paganini November 16, 2018
Cybaze ZLab-Yoroi team spotted a new variant of the APT28 Lojax rootkit

Malware researchers at the Cybaze ZLab-Yoroi team spotted a new variant of the dangerous APT28 Lojax rootkit. A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Cybaze ZLab-Yoroi team. It is the latest version of the well-known rootkit Double-Agent, previously analyzed by ESET researchers. The behavior of […]

Pierluigi Paganini November 15, 2018
Chinese TEMP.Periscope cyberespionage group used TTPs associated with Russian APTs

The Chinese TEMP.Periscope cyberespionage group targeted a UK-based engineering company using TTPs associated with Russia-linked APT groups. Attribution of cyber attacks is always a hard task; in many cases attackers use false flags to mask their identities. Chinese hackers have targeted a UK-based engineering company using techniques and artifacts attributed to the Russia-linked APT groups Dragonfly and […]

Pierluigi Paganini October 07, 2018
APT28 group returns to covert intelligence gathering ops in Europe and South America

Experts from Symantec collected evidence that the APT28 group has returned to covert intelligence gathering operations in Europe and South America. The state-sponsored APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) seems to have shifted the focus of its operations away from election interference to cyber espionage activities. The APT28 group has been active since at least 2007 and has targeted governments, […]

Pierluigi Paganini September 27, 2018
Russian Sednit APT used the first ever UEFI rootkit in attacks in the wild

Security experts from ESET have spotted the first ever UEFI rootkit; the code, tracked as LoJax, was used in attacks in the wild. Security researchers from ESET have discovered a new piece of sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear, APT28, Pawn Storm, Sofacy Group, and STRONTIUM) in targeted attacks aimed at government entities in the Balkans as […]

Pierluigi Paganini August 21, 2018
Microsoft says Russian hackers continue targeting 2018 midterm elections

Microsoft has spotted a new hacking campaign targeting the 2018 midterm elections; the experts attributed the attacks to the Russia-linked APT28 group. Microsoft has spotted a new hacking campaign targeting the 2018 midterm elections. The tech giant attributed to Russia-linked APT28 a series of cyber attacks aimed at members of the United States Senate, conservative organizations and think tanks. […]