APT28

Pierluigi Paganini December 05, 2019
The evolutions of APT28 attacks

Analyzing how tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over the time. APT28 is a well known Russian cyber espionage group attributed, with a medium level of confidence, to Russian military intelligence agency GRU (by CrowdStrike). It is also known as Sofacy Group (by Kaspersky) or STRONTIUM (by Microsoft) and it’s used to target Aereospace, Defence, Governmente Agencies, International […]

Pierluigi Paganini October 29, 2019
Fancy Bear continues to target sporting and anti-doping organizations

Russia-linked cyber-espionage group Fancy Bear has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world. Microsoft revealed that Russia-linked cyber-espionage group Fancy Bear (aka APT28, Sednit, Sofacy, Zebrocy, and Strontium) has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world. According to the tech giant, Russian cyber spies have targeted at least 16 agencies […]

Pierluigi Paganini August 06, 2019
Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. The STRONTIUM APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit) has been active since at least 2007 and it has […]

Pierluigi Paganini April 18, 2019
APT28 and Upcoming Elections: evidence of possible interference (Part II)

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction The uncertain attribution of the Ukrainian themed malicious document discussed in our past article “APT28 and Upcoming Elections: Possible Interference Signals”, led us to a review of Sofacy’s phishing techniques to confirm or […]

Pierluigi Paganini April 12, 2019
APT28 and Upcoming Elections: evidence of possible interference

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. This file was uncommon, it seemed carefully prepared and was speaking about who is leading in the elections […]

Pierluigi Paganini January 30, 2019
Sofacy’s Zepakab Downloader Spotted In-The-Wild

In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign leveraging the Zepakab Downloader. In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign discovered in January 2019. The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further […]

Pierluigi Paganini December 14, 2018
New Sofacy campaign aims at Government agencies across the world

Security experts at Palo Alto Networks uncovered a new espionage campaign carried out by Russia-Linked APT group Sofacy. Russian Cyber espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium)) carried out a new cyber campaign aimed at government agencies in four continents in an attempt to infect them with malware. The campaign has been focusing on Ukraine and NATO […]

Pierluigi Paganini December 04, 2018
Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

Russia-linked cyber-espionage group Sofacy, (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) use BREXIT lures in recent attacks. The APT group used Brexit-themed bait documents on the same day the UK Prime Minister Theresa May announced the initial BREXIT draft agreement with the European Union (EU). “As the United Kingdom (UK) Prime Minister Theresa May announced the initial BREXIT draft agreement […]

Pierluigi Paganini November 21, 2018
Sofacy APT group used a new tool in latest attacks, the Cannon

Sofacy APT group (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Experts at Palo Alto Networks spotted a new campaign in late October and early November, spear-phishing messages used Word […]

Pierluigi Paganini November 16, 2018
Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit

Malware researchers at the Cybaze ZLab- Yoroi team spotted a new variant of the dangerous APT28 Lojax rootkit. A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Cybaze ZLab – Yoroi team. It is the latest version of the well-known rootkit Double-Agent, previously analyzed by ESET researchers. The behavior of […]