BY JACQUELINE THOMSEN – 11/20/18
Researchers have attributed new malware activity targeting governments in several countries to a Russian hacking group.
Researchers at Palo Alto Networks’ Unit 42 found that hackers with APT28, also known as “Sofacy” or “Fancy Bear,” are targeting government organizations in the U.S., the European Union and former Soviet states with weaponized documents that deliver malware.
The hacking group is allegedly behind the 2016 hack of the Democratic National Committee. Special counsel Robert Mueller earlier this year indicted 12 Russian military intelligence officers over that hack.
The researchers say the hackers are using the malware to conduct cyber espionage against the government agencies.
The hackers also used a current event as the lure in at least one of the documents, naming it after the Lion Air crash late last month that killed all 189 people on board, according to Unit 42.
One of the malicious samples obtained by the research team also dropped a new tool that uses email services for its command-and-control traffic.
“This is not a new tactic but may be more effective at evasion as the activity is encrypted and the external hosts involved are a legitimate service provider,” the Unit 42 researchers wrote.
The new research was published one day after security firm FireEye reported more details about a phishing campaign targeting U.S. networks.
That campaign, which sent spear-phishing emails that appeared to come from a State Department public affairs official, is likely the work of APT29, another Kremlin-tied hacking group, FireEye’s researchers say.