Pierluigi Paganini March 22, 2019

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections.

According to experts from FireEye, Russia-linked APT28
(aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) and
Sandworm Team (also TeleBots) cyberespionage groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections.

The activity of the Russia-linked groups is focused on NATO member states.

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

According to a report published by Symantec in October, the group was actively conducting cyber espionage campaigns against government and military organizations in Europe and South America.

Starting in 2017 and continuing into 2018, the APT28 group returned to covert intelligence gathering operations in Europe and South America.

The espionage activity on NATO member states has increased significantly since mid-2018, and it is ongoing. 

FireEye revealed that the two Russia-linked APT groups carried out spear-phishing attacks to trick victims into revealing government information and credentials.

Experts noticed that the activities of the groups are aligned, but while APT28 was observed using custom malware and zero-day exploits, the
Sandworm Team mainly used publicly available hacking tools. 

“The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections,” explained Benjamin Read, senior manager of cyberespionage analysis at FireEye.

“The link between this activity and the European elections is yet to be confirmed, but the multiple voting systems and political parties involved in the elections creates a broad attack surface for hackers,” FireEye’s Read said.”

According to The Milpitas, California-based firm, the group also targeted media outlets in France and Germany, political opposition groups in Russia, and LGBT organizations with links to Russia.

FireEye notified targeted organizations after uncovering the espionage campaigns.

Pierluigi Paganini

(SecurityAffairs – Russian APT group, cyberespionage)

[adrotate banner=”5″]

[adrotate banner=”13″]