APT28
Researchers identify 'cybermercenary' group behind dozens of hacks
Researchers have learned of a 'cybermercenary' group, Void Balaur, that has been hacking political and business targets since 2015.
Microsoft: State-backed hackers targeted COVID-19 vaccine creators
Microsoft says state-backed Russian and North Korean hackers have targeted seven COVID-19 vaccine creators.
Russian state hackers appear to have breached a federal agency
Evidence suggests Russia's state-backed Fancy Bear group was behind a hack targeting a US federal agency.
Microsoft: Russian hackers are trying to influence EU elections
The European Elections come at a crucial time for the world, since their outcome could ultimately dictate if peace in Europe can be maintained. That explains why the number of attempts to undermine the process by a hostile nation state (with a name that rhymes with blusher) is intensifying. Microsoft has revealed that it's not just political campaigns that have come under fire, but the broader pillars of the political process.
Russian hackers target governments in Europe and South America
Russia's Fancy Bear hacking team (aka APT28) isn't just focused on meddling with elections and retaliating against anti-doping agencies. Symantec has observed Fancy Bear conducting intelligence gathering hacks in Europe and South America, including governments, military targets, an embassy and a "well-known international organization." The group has been using a common set of tools to conduct the campaign, although it also recently expanded its repertoire to include hacks that are considerably harder to stop.
FBI failed to warn officials about Russian email hackers
It's no longer a secret that Russian hackers have targeted the personal email accounts of American officials, but the FBI was apparently less than vigilant in giving these targets a heads-up. The AP has discovered through interviews that, out of nearly 80 people Russia's Fancy Bear team tried to compromise (mainly in 2015), only two had been told by the FBI -- even though the bureau reportedly had evidence for a year or more. In a few cases, the AP interview was the first time the victims learned they were in the crosshairs.
Facebook exposed 126 million Americans to Russia-linked pages
Russian attempts to skew the 2016 US election through Facebook reached much, much further than first thought. Numerous publications (including Axios, NBC News and the New York Times) have obtained Facebook's prepared testimony for the Senate, which reveals that Russia-linked pages reached 126 million American users between January 2015 and August 2017. That's over half of the social network's US base, for those keeping track. About 80,000 pieces of divisive material were shown to 29 million users whose likes, shares and follows spread the content to many more people.
Germany confronts Russia over election hacking
Speaking with reporters at a conference in Potsdam, Hans-Georg Maassen, president of the BfV agency (Germany's domestic intelligence group) renewed claims that Russian hackers were behind the attack on his country's parliament. He also warned the other nation against attempting to weaponize the "large amounts of data" stolen in that breach in the upcoming national elections come September.
Russia-backed malware can now target Macs
The state-backed Russian group accused of hacking the Democratic National Committee appears to be expanding its repertoire. Bitdefender Labs researchers have obtained a sample of a Mac-native variant of Xagent, the backdoor malware linked to Russia's APT28 (aka Fancy Bear or Strontium). The code not only allows swiping passwords and capturing screenshots, but includes a module that can swipe iOS device backups created by iTunes. While it's easy to encrypt those backups, this theoretically gives intruders a chance at snooping on iPhone data without having to compromise the iPhone itself.
Vermont power company finds malware linked to Russian hackers (updated)
Just a few days ago, the FBI and the Department of Homeland Security released a report detailing their assessment that Russian hackers were behind a series of attacks on US agencies and citizens. While the Obama administration issued sanctions, code linked to those hackers has been shared with other agencies, and on Friday, the Burlington Electric Department found malware with a matching signature on one of its laptops. The discovery raises more questions than it answers, but with recent reports of Russian hackers attacking the power grid in Ukraine, it obviously has raised alerts all over.
Russians are using undiscovered exploits to hack governments
If you've been wondering how Russian cyberattackers could compromise the White House and other high-profile political targets, the security researchers at FireEye have an answer. They've determined that APT28, a politically motivated Russian hacking group, exploited unpatched flaws in Flash Player and Windows in a series of assaults against a "specific foreign government organization" on April 13th. Patches for both flaws are either ready or on the way, but the vulnerabilities reinforce beliefs that APT28 is very skilled -- less experienced groups would use off-the-shelf code.