Archive for the ‘Fancy Bear’ Category

Ukraine malware author turns witness in Russian DNC hacking investigation

August 16th, 2017

Image: A bear. (credit: Yathin S Krishnappa)

A Ukrainian malware author who built the PAS Web shell—a PHP-based implant used to execute commands remotely on hacked systems—has turned himself in to Ukrainian authorities. He has been cooperating with the Federal Bureau of Investigation's probe into the apparent Russian hacking of the Democratic National Committee. The information provided by "Profexor" to Ukrainian investigators and the FBI reveals, in part, how hackers (who were apparently coordinated by a Russian intelligence agency) used a combination of purpose-built and community tools as part of what researchers have labeled as the threat group "APT 28," also known as "Fancy Bear."

According to a report by The New York Times' Andrew Kramer and Andrew Higgins, "Profexor" has not been charged in Ukraine, as he didn't use his remote access tool himself for malicious purposes. He did offer a version of the remote access tool for free on his member-only website, but he also built custom versions and provided training for pay. One of his customers was someone who used the tool in connection with malware connected to Fancy Bear to establish a backdoor into the DNC's network.

Ukrainian Member of Parliament Anton Gerashchenko, a former advisor to Ukraine's interior minister, told the Times that Profexor's contact with the Russians behind the DNC hack was entirely via online conversations and voice calls. Gerashchenko said that "Profexor" was paid to write a custom version of his tool without knowing what it would be used for.


Posted in APT 28, DCCC, DNC Hack, election hacking, Fancy Bear, FBI, Policy, Tech, Ukraine

Fancy Bear bites hotel networks as EternalBlue mystery deepens

August 15th, 2017

The attack, presumably to spy on high-value hotel guests, is textbook Fancy Bear, say researchers

Posted in APT28, EternalBlue, Fancy Bear, Hotel, malware, Microsoft, Vulnerability

Russian Hackers Spying on VIP Hotel Guests Using Leaked NSA Tool

August 12th, 2017

By Waqas

Fancy Bear (1) or APT28 (2) is a Russian hacker

This is a post from HackRead.com.

Posted in APT28, Cyber Attack, Cyber Attacks, Cyber Crime, Fancy Bear, Hacking, hacking news, Internet, leaks, malware, NSA, privacy, russia, security, Surveillance, Technology

DNC hackers from Russia used NSA-developed attack code in attack on hotels

August 11th, 2017

Image: Part of a booby-trapped Microsoft Word document that was sent to multiple hotels. Once infected, computers would attempt to compromise other computers connected to the same network. (credit: FireEye)

A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday.

Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June.

Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.


Posted in APT 28, Biz & IT, Eternal Blue, Fancy Bear, Hacking, NSA, Policy, shadow brokers, national security agency

Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

August 8th, 2017

Attackers behind APT campaigns have kept busy in Q2 2017, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines.

Posted in advanced persistent threat, apt, APT28, BlackOasis, Brian Bartholomew, equation group, EQUATIONVECTOR, Fancy Bear, Gray Lambert, Juan Andres Guerrero-Saade, Lamberts APT, Lazarus Group, malware, nation states, NOBUS, ransomware, Sofacy, Turla, Wiper attacks

It’s the Corruption, Stupid: why Russians aren’t the biggest threat to Election Security

August 7th, 2017

In-brief: Russian hackers aren’t the biggest threat to the security and integrity of elections says Bev Harris of Black Box Voting. Instead, it’s a more common enemy: run of the mill political corruption, mostly at the local level. Also: Eric Hodge of CyberScout talks about the challenges of helping states secure their election...


Posted in conferences, critical infrastructure, Cybercrime, data theft, DefCon, election systems, extortion, Fancy Bear, FBI, Federal Court, forensics, fraud, Government, Hacking, Hacks & Hackers, hardware, law enforcement, Podcasts, Policy, Reports, russia, software, standards, Top Stories, trends, voting, vulnerabilities

New Web tool tracks Russian “influence ops” on Twitter

August 2nd, 2017

Image credit: German Marshall Fund for the US/Alliance for Securing Democracy

The Alliance for Securing Democracy, a bipartisan project backed by the German Marshall Fund of the United States (GMF), has launched a Web tool to keep tabs on Russia's ongoing efforts to influence public opinion in the United States and abroad. Called Hamilton 68—named for the 68th edition of the Federalist Papers, in which Alexander Hamilton discussed how to prevent foreign meddling and influence in America's electoral process—the Web dashboard tracks 600 Twitter accounts "linked to Russian influence activities online." That's according to a blog post by the Alliance's senior fellow and director Laura Rosenberger and non-resident fellow J.M. Berger.

Russia's use of Twitter and other social media in the run-up to the 2016 US presidential election (as well as in France, Germany, and Poland) as part of "influence operations" has been well documented. In a New York Times Magazine article in 2015, Adrian Chen exposed a "troll factory" operating on behalf of the interests of the Russian government. The "Internet Research Agency" conducted trial runs well before the election, spreading a hoax about a fictitious accident at a Louisiana chemical plant. And influence operations have continued since the election in the US, promoting stories from both official Russian government media sources and sites like InfoWars.


Posted in 2016 election, disinformation, Fancy Bear, influence operation, Policy, propaganda, russia, Tech, twitter

Microsoft opens up a new front in the battle against Fancy Bear

July 24th, 2017

Microsoft's lawyers have gone after the hacking group's web domains - with some success

Posted in DNC Hack, Fancy Bear, Microsoft, Security threats

Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law

July 21st, 2017

Image credit: Harald Deischinger

On Friday, representatives of the notorious hacking entity known as Fancy Bear failed to appear in a federal court in Virginia to defend themselves against a civil lawsuit brought by Microsoft.

As the Daily Beast first reported on Friday, Microsoft has been waging a quiet battle in court against the threat group, which is believed to be affiliated with the GRU, Russia's foreign intelligence agency. For now, the company has managed to seize control of 70 domain names, but it's going after many more.

The idea of the lawsuit, which was filed in August 2016, is to use various federal laws—including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and American trademark law—as a way to seize command-and-control domain names used by the group, which goes by various monikers, including APT28 and Strontium. Many of the domain names used by Fancy Bear contain Microsoft trademarks, like microsoftinfo365.com and hundreds of others.


Posted in Domain, Fancy Bear, Law & Disorder, Microsoft, Risk Assessment, trademark