Trend Micro security researchers recently reported a newly-discovered phishing campaign, stating that the hackers responsible for the attack work for the Russian government.
A Russian cyberespionage group, best known as Fancy Bear, but also called APT28, Sofacy Group, Tsar Team, Pawn Storm, Sednit, and STRONTIUM by different cybersecurity companies, was recently discovered to be involved in a series of phishing attacks, as reported by Trend Micro.
The attacks have all been part of a long campaign where the group seemingly abandoned its usual methods — at least for this campaign. Earlier, hackers were relying on things such as malware infections and zero-day vulnerabilities to conduct their attacks against specific targets, as reported by CyberScoop. This time, however, they used numerous previously hacked emails, belonging to high-profile victims in countries around the world.
So far, it has been discovered that the hacked emails belonged to individuals in the US, the UAE, India, Jordan, Pakistan, and other countries. The hackers would then use these accounts to send spam to numerous other accounts.
As mentioned, the campaign is quite different from how Fancy Bear usually approaches things. In the past, these same hackers have been responsible for hitting the US Democratic National Committee back in 2016, as well as a large number of different hacks before and after this.
The group attacked prominent journalists around the world, it hacked French television in 2016, as well as the World Anti-Doping Agency in August 2016. It meddled in German and French elections, and in 2018, it also hit conservative groups in the United States, among other things.
The list of hacks goes on and on, as the group seems to have been rather busy.
One thing remains unknown, however: why the hackers conducted the phishing campaign in this way, when they must have known that researchers would be able to identify them and learn of some of their former conquests. So far, researchers have suggested that they might be trying to evade filtering, although a definitive reason remains unknown.
Trend Micro has been monitoring the hacking group for years, and it will continue to do so in an attempt to uncover and warn about future threats.