APT28

Pierluigi Paganini December 31, 2016
FBI-DHS JAR report links Russian hackers to Presidential Election hacks

An FBI-DHS JAR report implicated the Russian hacking groups APT28 and APT29 in attacks against the 2016 Presidential Election. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) published on Thursday a Joint Analysis Report (JAR) that provides information about the tools, infrastructure and TTPs used by the Russian civilian and military intelligence […]

Pierluigi Paganini November 13, 2016
Pawn Storm APT conducted spear-phishing attacks before zero-days were fixed

The Pawn Storm APT group exploited some zero-day vulnerabilities in targeted attacks across the world before they were patched. The Pawn Storm APT group, also known as APT28 and Fancy Bear, exploited some zero-day flaws in targeted attacks before they were patched. The threat actors launched spear phishing attacks between the discovery of the zero-days […]

Pierluigi Paganini November 02, 2016
Recent Windows Kernel zero-day exploited by hackers behind the DNC hack

The executive vice president of Microsoft’s Windows and Devices group revealed that the recently disclosed Windows Kernel zero-day was used by the Fancy Bear APT. On Oct. 31, the Google Threat Analysis Group publicly disclosed a vulnerability in the Windows kernel that is actively being exploited by threat actors in the wild. The zero-day could be exploited […]

Pierluigi Paganini September 15, 2016
Colin Powell’s emails leaked online. He calls Trump ‘National Disgrace’

A new batch of Colin Powell’s emails was leaked online by Russian hackers. Powell criticized both Presidential candidates, Trump and Clinton. Powell’s emails, sent over a couple of years, have been published on the website DC Leaks in a section protected by a password that was available only to select news outlets. Powell’s e-mails belong to a […]

Pierluigi Paganini September 14, 2016
Sports doping agency WADA confirms attack by Russian cyber spies

The World Anti-Doping Agency (WADA) confirms that Russian hackers breached its Anti-Doping Administration and Management System (ADAMS) database. Hackers breached the World Anti-Doping Agency (WADA) and stole Olympic athletes’ medical records; the hack was confirmed by the agency. According to WADA, the hackers accessed the Anti-Doping Administration and Management System (ADAMS) database, security experts […]

Pierluigi Paganini July 30, 2016
Clinton campaign servers were accessed as part of DNC hack

Media outlets continue to publish news regarding the DNC hack; computer servers used by the Clinton campaign were compromised as part of the DNC hack. The news of the recent Democratic National Convention (DNC) hack is monopolizing the technological debate around the US presidential campaign. Yesterday I reported the news of another hack against the operation of the DNC, according to Reuters, […]

Pierluigi Paganini February 17, 2016
Linux Fysbis Trojan, a new weapon in the Pawn Storm’s arsenal

Malware researchers at Palo Alto discovered the Fysbis Trojan, a simple and effective Linux threat used by the Russian cyberspy group Pawn Storm. Do you remember the Pawn Storm hacking crew? Security experts have identified this group of Russian hackers with several names, including APT28, Sofacy or Sednit; it has been active since at least 2007. The name Pawn Storm is used by security […]

Pierluigi Paganini July 14, 2015
Seaduke, another weapon in the Duke arsenal

Security researchers at Symantec have analyzed Seaduke, a sophisticated Trojan used by threat actors behind the “Duke” malware family. Security experts at the security firm Symantec have analyzed Trojan.Seaduke, malware that was used by the APT group behind the Duke espionage campaigns that targeted numerous government organizations worldwide. Seaduke has many similarities with other […]

Pierluigi Paganini May 14, 2015
APT28 hacking crew plans attacks on financial institutions

According to a report published by the experts at root9B, the hacking crew APT28 is planning to attack several financial institutions worldwide. In October 2014, security experts at FireEye published a report on the activities conducted by a group of Russian hackers, dubbed APT28; the hacking crew is behind long-running cyber espionage campaigns that targeted US defense contractors, European security organizations and […]

Pierluigi Paganini April 19, 2015
APT28 Russian hackers exploited two zero-day flaws in the wild

FireEye recently detected a new highly targeted attack run by APT28 that exploited two zero-day flaws to compromise an “international government entity”. Security experts at FireEye have recently detected a new cyber espionage campaign, dubbed “Operation RussianDoll,” operated by the Russian APT28 group. This time the hackers ran a highly targeted attack by exploiting two zero-day vulnerabilities to target an “international […]