Russian hackers use Zero-Days malware to try to get US sanctions data
The spying scheme was detected on April 13 by U.S. cybersecurity firm FireEye Inc. and targeted an agency of an overseas government that was in discussions with the U.S. about sanctions policy. The attack was halted before the group extracted any data, the company said in a blog post Saturday.
Hackers are getting increasingly sophisticated in their techniques and their interests. SMH
The hacking group, which FireEye calls Advanced Persistent Threat 28, or APT28, is known for advanced cyber-attacks and its use of malware known as Sofacy. In this case, it took the unusual step of using two so-called zero-day exploits to try to infiltrate the computer systems of its victim in a highly sophisticated attack, FireEye said.
Zero-day vulnerabilities are highly sought after by hackers because they are weaknesses that haven't been previously detected and so there is no immediate defense.
FireEye researchers detected the attack because the intended victim was a company customer, according to the person who asked for anonymity because the information isn't public.
FireEye identified APT28 in a report last October, saying then that it was most likely sponsored by Russia's government.
Russian President Vladimir Putin's spokesman, Dmitry Peskov, dismissed the report's findings at the time. Peskov didn't answer calls on Saturday.
ATP28's targets have included the North Atlantic Treaty Organization's special operations headquarters, the governments of Poland and Hungary, and the ministries of defense and internal affairs in Georgia, which fought a war with Russia in 2008, FireEye's October report said.
Bloomberg
Subscribe to gift this article
Gift 5 articles to anyone you choose each month when you subscribe.
Subscribe nowAlready a subscriber?
Latest In World
Fetching latest articles