
Image credit: Sean Gallup/Getty Images

Russian hackers target governments in Europe and South America

They're not just obsessed with elections and the Olympics.

Russia's Fancy Bear hacking team (aka APT28) isn't just focused on meddling with elections and retaliating against anti-doping agencies. Symantec has observed Fancy Bear conducting intelligence-gathering hacks against organizations in Europe and South America, including governments, military targets, an embassy and a "well-known international organization." The group has been using a common set of tools to conduct the campaign, although it also recently expanded its repertoire to include hacks that are considerably harder to stop.

The Russian outfit primarily relies on a two-stage malware infection. A trojan nicknamed Sofacy (aka Seduploader) handles initial recon and downloads further malware, while a backdoor known as SofacyX (X-Agent) steals information from the computer. For more persistent attacks, there's a Lojax rootkit that targets the UEFI platform underlying many modern computers. Because it sits in the flash memory that holds a computer's firmware, Lojax can survive even if you replace the hard drive or reinstall the operating system.

The cyberattack campaign may be larger than this. Another group, Earworm, has been using spear-phishing email campaigns against military targets in Asia and Europe with some overlap between its control system and that of Fancy Bear. Its operations are separate, though, suggesting it may be another Russian operation rather than an extension of Fancy Bear.

An ongoing global spying campaign wouldn't be surprising. It's not just that Russia has a vested interest in keeping tabs on its political rivals; it's that it takes relatively few resources to conduct these campaigns in the first place. What little it spends recruiting dedicated hackers could pay huge dividends by gathering more intelligence and undermining institutions.
