APT28

Pierluigi Paganini September 23, 2020
Russia-linked APT28 targets govt bodies with fake NATO training docs

Russia-linked cyberespionage group APT28 uses fake NATO training documents as bait in attacks aimed at government bodies. The Russia-linked cyberespionage group APT28 is behind a string of attacks that targeting government bodies with Zebrocy Delphi malware. The malicious code was distributed using fake NATO training materials as bait and had a very low detection rate […]

Pierluigi Paganini March 20, 2020
Russia-linked APT28 has been scanning vulnerable email servers in the last year

Experts warn of scanning activity conducted by Russia-linked APT28 cyberespionage group, hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has […]

Pierluigi Paganini February 20, 2020
UK, US and its allies blame Russia’s GRU for 2019 cyber-attacks on Georgia

Britain and the United governments blame Russia for being behind a destructive cyber attack that hit Georgia during 2019. The governments of Britain and the US declared that Russia’s military intelligence service GRU is behind the massive cyber attack that hit Georgia during 2019. In October 2019, a wave of cyber attacks hit 2,000 websites […]

Pierluigi Paganini December 05, 2019
The evolutions of APT28 attacks

Analyzing how tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over the time. APT28 is a well known Russian cyber espionage group attributed, with a medium level of confidence, to Russian military intelligence agency GRU (by CrowdStrike). It is also known as Sofacy Group (by Kaspersky) or STRONTIUM (by Microsoft) and it’s used to target Aereospace, Defence, Governmente Agencies, International […]

Pierluigi Paganini October 29, 2019
Fancy Bear continues to target sporting and anti-doping organizations

Russia-linked cyber-espionage group Fancy Bear has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world. Microsoft revealed that Russia-linked cyber-espionage group Fancy Bear (aka APT28, Sednit, Sofacy, Zebrocy, and Strontium) has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world. According to the tech giant, Russian cyber spies have targeted at least 16 agencies […]

Pierluigi Paganini August 06, 2019
Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. The STRONTIUM APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit) has been active since at least 2007 and it has […]

Pierluigi Paganini April 18, 2019
APT28 and Upcoming Elections: evidence of possible interference (Part II)

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction The uncertain attribution of the Ukrainian themed malicious document discussed in our past article “APT28 and Upcoming Elections: Possible Interference Signals”, led us to a review of Sofacy’s phishing techniques to confirm or […]

Pierluigi Paganini April 12, 2019
APT28 and Upcoming Elections: evidence of possible interference

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. This file was uncommon, it seemed carefully prepared and was speaking about who is leading in the elections […]

Pierluigi Paganini January 30, 2019
Sofacy’s Zepakab Downloader Spotted In-The-Wild

In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign leveraging the Zepakab Downloader. In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign discovered in January 2019. The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further […]

Pierluigi Paganini December 14, 2018
New Sofacy campaign aims at Government agencies across the world

Security experts at Palo Alto Networks uncovered a new espionage campaign carried out by Russia-Linked APT group Sofacy. Russian Cyber espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium)) carried out a new cyber campaign aimed at government agencies in four continents in an attempt to infect them with malware. The campaign has been focusing on Ukraine and NATO […]