Pawn Storm

Pierluigi Paganini May 03, 2024
Russia-linked APT28 and crooks are still using the Moobot botnet

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet, called Moobot, used by the APT28 group is still active and is also used by cyber criminal organizations. In January, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and […]

Pierluigi Paganini September 27, 2018
Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Security experts from ESET have spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. Security researchers from ESET have discovered a new piece of a sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear, APT28, Pawn Storm, Sofacy Group, and STRONTIUM) in targeted attacks aimed at government entities in the Balkans as […]

Pierluigi Paganini February 15, 2017
BitDefender found the first MAC OS version of the X-Agent used by the APT28

Security experts at Bitdefender discovered a MAC OS version of the X-Agent malware used by the Russian APT28 cyberespionage group. Security experts at BitDefender have discovered a MAC OS malware program that’s likely part of the arsenal of the dreaded Russian APT 28 group (aka Pawn Storm, Sednit, Sofacy, Fancy Bear and Tsar Team). The Russian nation-state actor was involved […]

Pierluigi Paganini December 10, 2016
APT 28 group is ramping up information warfare against Germany

According to the German Intelligence, the APT 28 group, also known as Fancy Bear, is ramping up information warfare against Germany and the rest of West. US intelligence agencies blame the Russian government for ramping up infowar against the US and the West. According to the US Government, Russian-state hackers hacked the Democratic National Committee (DNC) and other political organizations worldwide. […]

Pierluigi Paganini July 30, 2016
Clinton campaign servers were accessed as part of DNC hack

Media outlet continues to publish news regarding the DNC hack, computer servers used by Clinton campaign were compromised as part of DNC hack. The news of the recent Democratic National Convention (DNC) hack is monopolizing the technological debate around the US presidential campaign. Yesterday I reported the news of another hack against the operation of the DNC, according to the Reuters, […]

Pierluigi Paganini June 29, 2016
Pawn Storm APT group targets thousands Google Accounts

Russian cyber spies belonging to the Pawn Storm APT group have targeted a significant number of Google accounts belonging to individuals worldwide. The Pawn Storm APT group is once again in the headlines, this time the hackers targeted a significant number of Google accounts belonging to individuals in Russia, former Soviet Union countries, the United States, Europe. […]

Pierluigi Paganini May 13, 2016
Pawn Storm hackers hit the German Christian Democratic Union party

Researchers at Trend Micro discovered that Pawn Storm threat actor targeted the political party of Chancellor Angela Merkel, the Christian Democratic Union. Security experts follow a long time the operations of the Russian-linked Pawn Storm cyber spies, aka APT 28, Sednit, Sofacy, Fancy Bear and Tsar Team. In October 2014, security experts at Trend Micro spotted a cyber […]

Pierluigi Paganini February 17, 2016
Linux Fysbis Trojan, a new weapon in the Pawn Storm’s arsenal

Malware researchers at PaloAlto discovered the Fysbis Trojan, a simple and an effective Linux threat used by the Russian cyberspy group Pawn Storm. Do you remember the Pawn Storm hacking crew? Security experts have identified this group of Russian hackers with several names, including APT28, Sofacy or Sednit, it has been active since at least 2007. The name Pawn Storm is used by security […]

Pierluigi Paganini October 23, 2015
Pawn Storm APT targets MH17 crash investigation

The Pawn Storm APT group set up rogue VPN and SFTP servers to target Dutch Safety Board employees involved in the MH17 crash investigation. July 17, 2014, Flight MH17, traveling from Amsterdam to Kuala Lumpur, was shot down by a missile in mysterious circumstances. Flight MH17 was flying over a conflict zone in eastern Ukraine […]

Pierluigi Paganini October 15, 2015
Pawn Storm used a new Flash Zero-Day in attacks on the NATO & the While House

Researchers at Trend Micro discovered a new Adobe Flash Zero-Day used in Pawn Storm Campaign Targeting Foreign Affairs Ministries across the world. Once again Flash in the headlines, beware next emergency Flash Player update is critical for everybody as explained by the experts at Trend Micro. The researchers at the security firm explained that the update […]