Malware for Filching Business and Government Data Has Russia's Support
According to the security company FireEye, malware built to capture sensitive data held by foreign governments and businesses is being developed in Russia with the backing of that country's government, cnet.com reported on October 28, 2014.
Dan McWhorter, Vice-President of Threat Intelligence at FireEye, reports that his organization has identified the gang behind the malware as APT28. According to him, APT28 has for roughly seven years been trying to seize privileged data concerning governments, militaries and security agencies, cnet.com reported.
McWhorter further states that APT28 seeks to gather intelligence for use in top-level decision making, to assess the capabilities that regional governments and organizations are acquiring, and to collect other information that supports espionage operations, SCMagazine.com reported on October 28, 2014.
The stolen intelligence, says McWhorter, gives the gang's financial backers key details about the attacked entities' internal and regional policies and initiatives, their alliances with foreign bodies, their defense and military postures, and more.
FireEye identified the attacked entities as Georgia's Ministry of Internal Affairs and Ministry of Defense, the government of Poland, journalists covering the Caucasus, the government of Hungary, a foreign affairs ministry in Eastern Europe, the Organization for Security and Co-operation in Europe, and NATO.
Moreover, according to Laura Galante, Threat Intelligence Manager at FireEye, the gang typically breaks into networks through spear phishing before deploying the malware. The attackers still need their target to make a mistake for the intrusion to succeed, she explains, threatpost.com reported on October 28, 2014.
By the time FireEye released its report on APT28, the company had already identified 103 malicious programs under the gang's control; however, McWhorter is certain there are many more.
In early October, iSight Partners reported on another cyber-crime gang apparently connected to Russia's government, which used a 0-day vulnerability in Microsoft Windows to attack NATO, the European Union, and various European private telecom and energy firms. Experts named the gang "Sandworm Team."
Trend Micro researchers subsequently said that Sandworm might also be looking to hijack SCADA systems.
SPAMfighter News - 11/3/2014