33 matches found
Advanced threat predictions for 2025
We at Kaspersky's Global Research and Analysis Team monitor over 900 APT advanced persistent threat groups and operations. At the end of each year, we take a step back to assess the most complex and sophisticated attacks that have shaped the threat landscape. These insights enable us to anticipat...
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine
Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group TAG, which is monitoring the...
Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware
A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a...
Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware
A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a...
GReAT Ideas follow-up
On June 17, we hosted our first "GReAT Ideas. Powered by SAS" session, in which several experts from our Global Research and Analysis Team shared insights into APTs and threat actors, attribution, and hunting IoT threats. Here is a brief summary of the agenda from that webinar: Linking attacks to...
Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom
At least 16 anti-doping authorities and sporting organizations around the world have been hit by cyberattacks as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020. The attacks, which began Sept. 16, have been linked to infamous Russian threat group Fancy Bea...
Zebrocy Retools for New Political Attacks
The APT known as the Sednit threat group also known as Sofacy, APT28 and Fancy Bear has kicked off a fresh spearphishing campaign, that was spotted targeting government entities with the Zebrocy backdoor. The malware features a rewritten and newly-improved backdoor and downloader, indicating an...
Zebrocy: A Russian APT Specializing in Victim Profiling, Access
Zebrocy, the Russian speaking threat group that shares similarities and overlaps with both the Sofacy and BlackEnergy APTs, is once again roaming the wide plain of government, foreign-affairs and military targets. Researchers have spotted the group using a new first-stage malware dropper in recen...
Zebrocy’s Multilanguage Malware Salad
Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back through 2013, sharing malware artefacts and...
IT threat evolution Q1 2019
Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...
Meet ‘TajMahal,’ A New and Highly Advanced APT Framework
SINGAPORE – Researchers at Kaspersky Lab have discovered a new, highly sophisticated advanced persistent threat APT framework targeting a single Central Asian diplomatic agency. Malware samples associated with the APT reveal a complex never-before-seen code base, making it extremely hard to detec...
A Zebrocy Go Downloader
Last year at SAS2018 in Cancun, Mexico, "Masha and these Bears" included discussion of a subset of Sofacy activity and malware that we call "Zebrocy", and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was...
Sofacy Russia-Linked APT Debuts Fresh Zebrocy Variant
The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy a.k.a. APT28, Fancy Bear or Sednit – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go programming language. The similarities between the new paylo...
APT review of the year
What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it's never possible to really understand the motivations of some attacks or the developments behind them...
Sofacy APT Takes Aim with Novel 'Cannon' Trojan
The Sofacy APT group is back, with a new second-stage custom malware payload that researchers have dubbed “Cannon.” A campaign against several government entities around the globe, including in North America, Europe and a former Soviet state, came in waves during late October and early November,...
Threats in the Netherlands
Introduction On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPWC in the Netherlands, allegedly by the advanced threat actor Sofacy also known as APT28 or Fancy Bear, among others. According to the MIVD, four suspects were caught red handed trying to...
Olympic Destroyer Returns to Target Biochemical Labs
Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range. The new campaign began last month and is ongoing, employing spear-phishi...
Router Vulnerability and the VPNFilter Botnet
On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it's a harbinger of the sorts of pervasive threats from nation-states, criminals and hackers that we should expect in coming year...
FBI seizes control of a massive botnet that infected over 500,000 routers
Shortly after Cisco's released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack. Yesterday we reported about a piece ...
A Closer Look at APT Group Sofacy’s Latest Targets
Threatpost talks to Kaspersky Lab researcher Kurt Baumgartner who was instrumental in tracking the latest activities of the Russian-speaking Sofacy APT gang. Research shows a continual march toward Far East targets and overlapping of activities with other groups such as Lamberts, Turla and Danti...