A politically motivated Russian hacking group called APT28 has used unpatched exploits in Flash Player and Windows in a series of assaults.
The cyber group is believed to be sponsored by the Russian government.
The APT28 group has been sending targets emails offering information likely to interest the recipient, while registering websites that mimic legitimate news and current events sites.
Such “phishing” sites can be used either to trick victims into handing over data, such as usernames and passwords, or to thrust malware onto the visitor’s PC, phone or tablet, The Guardian said on its website.
“FireEye Inc (FEYE.O), a prominent U.S. security company, said the espionage effort took advantage of holes in Adobe Systems Inc’s (ADBE.O) Flash software for viewing active content and Microsoft Corp’s (MSFT.O) ubiquitous Windows operating system,” according to Reuters.
Though it could find no direct link to the Russian government, US security company FireEye said the intelligence sought by the hackers was consistent with Russian interests.
The campaign has been tied by other firms to a serious breach at U.S. State Department computers. The same hackers are also believed to have broken into White House machines containing unclassified but sensitive information such as the president’s travel schedule, Reuters wrote on its website.
APT28 tried to break into the systems of Georgia’s Ministry of Internal Affairs (MIA) and Ministry of Defense (MOD), as well as a journalist covering issues in the Caucasus and a Chechen news site.
In the attack on the MIA, a malicious Excel file was emailed to employees. When opened, it launched a decoy document containing a list of Georgian driver’s license numbers, while in the background a backdoor was installed on the victim’s PC that would try to connect to the organization’s email server. This would collect network information and send it back in an attachment from a seemingly legitimate email address, wrote The Guardian.
“Such targets would potentially provide APT28 with sensitive tactical and strategic intelligence concerning regional military capabilities and relationships,” FireEye said in its report.
“APT28 is most likely supported by a group of developers creating tools intended for long-term use and versatility, who make an effort to obfuscate their activity. This suggests that APT28 receives direct ongoing financial and other resources from a well-established organization, most likely a nation-state government,” the report read.
“APT28’s malware settings suggest that the developers have done the majority of their work in a Russian language build environment during Russian business hours, which suggests that the Russian government is APT28’s sponsor.”
If you thought governments didn’t spy on each other, you’re living in a dream world. It will be interesting to see what the US says, if it says anything, since it is also conducting cyber-espionage around the world.