Russia's Elite Hackers May Have New Phishing Tricks

WIRED | 11/20/2018 | Lily Hay Newman

A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackers didn't directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some clever phishing innovations, and are working purposefully to expand their reach.

"There’s a lot of ramping up from this particular nation state in general," says Jen Miller-Osborn, deputy director of threat intelligence in Palo Alto Networks' Unit 42 research team.

The prolific hacking group APT 28—also known as Fancy Bear or Sofacy—which memorably hacked the Democratic National Committee in 2016, has a new phishing tool in its arsenal, according to findings from security firm Palo Alto Networks. The trojan, concealed in a malicious document attachment, uses some classic techniques to send information about a target system back to a remote server, but the tool has been reworked for current use.

"It's not uncommon to see them come out with a new variant or a totally new malware family."

APT 28 is known for constantly evolving its tools, and drawing on methods that have fallen out of fashion to create something new that flies under the radar. Its newly minted "Cannon" trojan, which Palo Alto spotted during attacks in late October and early November, does both. The malware communicates with its command and control server via emails sent over an encrypted connection, so they can't be read on the way. Hackers use all sorts of communication schemes for command and control, including hiding communications in a victim's regular network traffic, piggybacking on compromised web services, or manipulating normal internet protocol requests. Using email for this communication is a technique that was widely popular several years ago, but had largely faded until its reappearance here.
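Because the email-based channel described above is encrypted in transit, its content cannot be inspected on the wire; a defender's alternative is to notice which hosts open SMTP sessions to the outside at all. As an added example, not code from the article or from Palo Alto Networks' research, the Python below runs that check over constructed flow records; the log format, the internal range and the mail-relay address are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample of outbound connection records (not real telemetry):
# "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_FLOWS = """\
2018-11-05T09:12:01Z 10.20.1.15 10.20.0.5 587 tcp
2018-11-05T09:12:44Z 10.20.1.15 203.0.113.20 443 tcp
2018-11-05T09:13:10Z 10.20.1.42 198.51.100.9 465 tcp
2018-11-05T09:13:11Z 10.20.1.42 198.51.100.9 465 tcp
2018-11-05T09:14:02Z 10.20.0.5 192.0.2.77 25 tcp
2018-11-05T09:15:30Z 10.20.1.42 198.51.100.9 465 tcp
"""

SMTP_PORTS = {25, 465, 587}          # plain SMTP, SMTPS, submission
INTERNAL = ip_network("10.20.0.0/16")  # assumed site address range
MAIL_RELAYS = {ip_address("10.20.0.5")}  # assumed: the only host meant to send mail out

FLOW_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\w+)$")


def parse_flows(text):
    """Parse the constructed flow format into dicts; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port, proto = m.groups()
        flows.append({"ts": ts, "src": ip_address(src), "dst": ip_address(dst),
                      "port": int(port), "proto": proto})
    return flows


def suspicious_smtp_talkers(flows):
    """Return {src: {(dst, port), ...}} for internal non-relay hosts that
    open SMTP sessions directly to external addresses."""
    hits = {}
    for f in flows:
        if f["proto"] != "tcp" or f["port"] not in SMTP_PORTS:
            continue
        if f["src"] not in INTERNAL or f["src"] in MAIL_RELAYS:
            continue                      # external source or the sanctioned relay
        if f["dst"] in INTERNAL:
            continue                      # submitting to the internal relay is expected
        hits.setdefault(str(f["src"]), set()).add((str(f["dst"]), f["port"]))
    return hits
```

In the sample only the workstation talking to an outside host on 465 is reported; the relay's own port-25 traffic and the workstation submitting to the relay are not.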

"Actors shifted away likely because the...
(Excerpt) Read more at: WIRED