Pierluigi Paganini April 12, 2019
APT28 and Upcoming Elections: evidence of possible interference

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. This file was uncommon, it seemed carefully prepared and was speaking about who is leading in the elections […]

Pierluigi Paganini December 19, 2018
Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Researchers at Palo Alto Networks discovered that the Russian-linked Sofacy APT has written a new version of their Zebrocy backdoor using the Go programming language. The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of […]

Pierluigi Paganini December 14, 2018
New Sofacy campaign aims at Government agencies across the world

Security experts at Palo Alto Networks uncovered a new espionage campaign carried out by Russia-Linked APT group Sofacy. Russian Cyber espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium)) carried out a new cyber campaign aimed at government agencies in four continents in an attempt to infect them with malware. The campaign has been focusing on Ukraine and NATO […]

Pierluigi Paganini December 04, 2018
Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

Russia-linked cyber-espionage group Sofacy, (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) use BREXIT lures in recent attacks. The APT group used Brexit-themed bait documents on the same day the UK Prime Minister Theresa May announced the initial BREXIT draft agreement with the European Union (EU). “As the United Kingdom (UK) Prime Minister Theresa May announced the initial BREXIT draft agreement […]

Pierluigi Paganini October 08, 2018
Kaspersky shed lights on the overlap of operations conducted by Turla and Sofacy

Researchers from Kaspersky Lab collected evidence that demonstrates overlaps between the activity of Russian APT groups Turla and Sofacy.  In March, during the Kaspersky Security Analyst Summit held in Cancun, Kurt Baumgartner, Kaspersky principal security researcher, revealed the activity associated with Sofacy APT group appears to overlap with campaigns conducted by other cyber espionage groups. Baumgartner […]

Pierluigi Paganini March 18, 2018
Russia-linked Sofacy APT targets an unnamed European Government agency

While US-CERT warns of cyber attacks against critical infrastructure in the energy sectors, Russia-linked Sofacy APT is targeting a government agency in Europe. Last week the US Government announced sanctions against five Russian entities and 19 individuals, including the FSB, the military intelligence agency GRU. Despite the sanctions, Russian hackers continue to target entities worldwide, including US organizations. […]

Pierluigi Paganini March 09, 2018
Olympic Destroyer, alleged artifacts and false flag make attribution impossible

  According to Kaspersky Lab, threat actors behind the recent Olympic Destroyer attack planted sophisticated false flags inside their malicious code. On February 9, shortly before the Pyeongchang opening ceremonies on Friday, televisions at the main press centre, wifi at the Olympic Stadium and the official website were taken down. Hackers used the so-called Olympic Destroyer, a strain […]

Pierluigi Paganini March 01, 2018
DPA Report: Russia-linked APT28 group hacked Germany’s government network

Germany Government confirmed that hackers had breached its computer network and implanted a malware that was undetected for one year. German news agency DPA reported that Russian hackers belonging to the APT28 group (aka Fancy Bear, Pawn Storm, Sednit, Sofacy, and Strontium) have breached Germany’s foreign and interior ministries’ online networks. The agency, quoting unnamed security sources, revealed that the […]

Pierluigi Paganini February 21, 2018
Russia-linked Sofacy APT group shift focus from NATO members to towards the Middle East and Central Asia

Experts from Kaspersky highlighted a shift focus in the Sofacy APT group’s interest, from NATO member countries and Ukraine to towards the Middle East and Central Asia. The Russia-linked APT28 group (aka Pawn Storm, Fancy Bear, Sofacy, Sednit, Tsar Team and Strontium.) made the headlines again, this time security experts from Kaspersky highlighted a shift focus in their interest, from NATO member […]

Pierluigi Paganini February 17, 2016
Linux Fysbis Trojan, a new weapon in the Pawn Storm’s arsenal

Malware researchers at PaloAlto discovered the Fysbis Trojan, a simple and an effective Linux threat used by the Russian cyberspy group Pawn Storm. Do you remember the Pawn Storm hacking crew? Security experts have identified this group of Russian hackers with several names, including APT28, Sofacy or Sednit, it has been active since at least 2007. The name Pawn Storm is used by security […]