Russian-Linked Hackers Target Foreign Ministries
The group of hackers behind the Democratic National Committee breach may have a new target: foreign ministries across the world.
On Wednesday, the security firm Palo Alto Networks said it sourced the hacking attempts to Fancy Bear, a shadowy group that's widely believed to work for the Russian government.
The group, which also goes by the name Sofacy, is notorious for stealing sensitive files from the DNC and the World Anti-Doping Agency and then leaking them online. Recently, Fancy Bear also infiltrated several German government offices, including the foreign and defense ministries, according to the news agency DPA.
The hacking attempts have often come through phishing emails that masquerade as legitimate organizations, and the group's latest exploits have been no different. This month, Palo Alto Networks noticed an attack targeting two foreign ministries, one located in North America, the other in Europe.
The attack relied on a fake email purporting to come from a defense industry news publisher run by IHS Markit, a well-known analyst house. Attached to the email was an Excel file that held a calendar of upcoming events.
The email was made to look quite convincing; it managed to spoof the email header with the address "events@ihsmarkit.com." But in reality, the document was rigged to install malware onto the victim's computer.
It did so through the attached Excel file, which contained a dangerous software macro. A macro is essentially a sequence of automatic actions that'll run when activated. In this case, it can load malware.
To trick the victims into enabling the macro, the attackers decided to hide all the text within the Excel file with a white-colored font. Victims who opened the file would have been fooled into thinking they had to enable the macro to see the text.
"When successful, attackers can gain complete control over the computer, enabling them to copy documents, usernames, passwords, account information and even take screenshots," the security firm said in an email.
Palo Alto Networks has been studying the phishing email and said the malware used some of the same code and domain landing page formatting from the group's previous attacks. A separate security firm known as Intezer has also matched part of the malware sample with Fancy Bear.
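The lure described above, a macro-bearing workbook whose cell text is set in a white font, can be checked for during attachment triage. The following Python is an added example, not code from the article or from Palo Alto Networks; it assumes the attachment is an OOXML workbook (.xlsm), which the article does not specify, and the names `triage_workbook` and `build_sample` are hypothetical.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# SpreadsheetML namespace used by xl/styles.xml in OOXML workbooks.
NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}

def triage_workbook(data: bytes) -> dict:
    """Flag an OOXML workbook that carries VBA and formats cells in white text."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        styles = z.read("xl/styles.xml") if "xl/styles.xml" in names else None
    white_formats = 0
    if styles:
        # Parse untrusted samples only inside an isolated analysis environment.
        root = ET.fromstring(styles)
        white_ids = set()
        for idx, font in enumerate(root.findall("m:fonts/m:font", NS)):
            color = font.find("m:color", NS)
            # rgb is ARGB hex; theme-based colours are not resolved here.
            if color is not None and color.get("rgb", "").upper().endswith("FFFFFF"):
                white_ids.add(idx)
        # Count cell formats that actually reference a white font.
        for xf in root.findall("m:cellXfs/m:xf", NS):
            if int(xf.get("fontId", "0")) in white_ids:
                white_formats += 1
    return {"has_vba": has_vba, "white_font_formats": white_formats,
            "suspicious": has_vba and white_formats > 0}

def build_sample(white: bool, macro: bool) -> bytes:
    """Constructed minimal container for the demo (not a real workbook or real VBA)."""
    rgb = "FFFFFFFF" if white else "FF000000"
    styles = (f'<styleSheet xmlns="{NS["m"]}"><fonts count="1"><font>'
              f'<sz val="11"/><color rgb="{rgb}"/></font></fonts>'
              '<cellXfs count="1"><xf fontId="0"/></cellXfs></styleSheet>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/styles.xml", styles)
        if macro:
            z.writestr("xl/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_workbook(build_sample(white=True, macro=True)))
```

A hit is a reason to quarantine and inspect the file, not proof of malice: white text also appears in ordinary workbooks, and a legacy binary .xls file would need an OLE parser instead.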
Palo Alto Networks hasn't identified which governments were targeted in the phishing scheme, but it said the targets included a European embassy in Moscow. Fancy Bear has also been trying to hack the foreign ministries via another toolset, but for now, Palo Alto Networks is remaining mum on the details.
Source: https://sea.pcmag.com/news/19863/russian-linked-hackers-target-foreign-ministries
Posted by: lloydevizint2002.blogspot.com
