Russian criminal group Sofacy (APT28) changes its tactics

June 29, 2018

The Russian criminal group Sofacy (APT28) has been active on the ‘market’ for years. It was previously known as APT28, Sednit, Fancy Bear, Pawn Storm or Tsar Team. Until recently, the group was known for developing specialized malware aimed at only a few, carefully selected units within a given organization, and its infection methods were highly personalized.

Palo Alto specialists discovered that the group's new campaign comes with changed tactics, from stealthy to a so-called “shotgun approach”. The new campaign targets all foreign organizations, and the attacks are easy to detect. The group sends e-mails with malicious attachments (.doc files with macros or containing DDE vulnerabilities). Victims then unintentionally install a trojan that enables remote access: Koadic or one of the Zebrocy versions.
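A triage check a defender could run on attachments of the kind described above, flagging DDE/DDEAUTO field codes and embedded VBA projects in Word documents. This is an added example, not code from the original article or from Palo Alto's research; the document it inspects is constructed in memory, and the field-code strings are placeholders, not real payloads.

```python
import io
import re
import zipfile

# Word evaluates these field instructions; DDEAUTO does so on open.
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)
INSTR_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
SIMPLE_RE = re.compile(r'<w:fldSimple[^>]*\bw:instr="([^"]*)"')
FIELD_END = re.compile(r'w:fldCharType="end"')


def field_instructions(xml: str) -> list:
    """Reassemble field codes from a WordprocessingML part. A complex field may
    spread its instruction over several <w:instrText> runs, so runs are joined
    up to each fldChar 'end' marker before inspection (defeats simple splitting)."""
    codes = []
    for chunk in FIELD_END.split(xml):
        joined = "".join(INSTR_RE.findall(chunk)).strip()
        if joined:
            codes.append(joined)
    codes.extend(s.strip() for s in SIMPLE_RE.findall(xml))
    return codes


def scan_docx(data: bytes) -> dict:
    """Return indicators found in an OOXML (.docx/.docm) document held in memory."""
    findings = {"dde_fields": [], "has_vba": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.lower().endswith("vbaproject.bin"):  # macro-enabled document
                findings["has_vba"] = True
            elif name.startswith("word/") and name.endswith(".xml"):
                xml = zf.read(name).decode("utf-8", errors="replace")
                for code in field_instructions(xml):
                    if DDE_RE.search(code):
                        findings["dde_fields"].append((name, code))
    return findings


def is_suspicious(findings: dict) -> bool:
    return findings["has_vba"] or bool(findings["dde_fields"])


def build_sample(field_code: str, with_vba: bool = False) -> bytes:
    """Constructed test input: a minimal .docx; '|' in field_code splits it
    across several instrText runs, as a hostile document might."""
    runs = "".join(f"<w:r><w:instrText>{p}</w:instrText></w:r>" for p in field_code.split("|"))
    doc = ('<w:document><w:body><w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
           f'{runs}<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")  # stand-in OLE header
    return buf.getvalue()
```

Legacy binary .doc files are not zip containers, so this check applies to the OOXML formats only; the same field-code reasoning holds, but a different parser is needed there.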

Comment:

Given that the group has previously tried to stay in the shadows and has suddenly switched to tactics in which its actions are clearly visible, there is a chance that this is a red herring, directing attention away from another operation, or that the group is simply testing a new strategy.

Source: Bleeping Computer

Published by: Piotr Mierzwiński