Cyber spies of the Sofacy APT increased its operations tenfold

According to a new report published by Kaspersky Lab, the advanced persistent threat group Sofacy (also known as APT28, Fancy Bear, Sednit, and STRONTIUM) has recently increased its activity.

The Sofacy group has been active since 2008, mostly targeting military and government entities in NATO countries; the experts speculate that it is a nation-state actor.

The experts speculate that Sofacy has increased its operations tenfold, targeting high-profile entities with a new set of hacking tools.

In recent months, the researchers have uncovered a series of attacks relying on a new set of tools and zero-day exploits, targeting defense-related entities with a specific focus on Ukraine.

“In the months leading up to August, the Sofacy group launched several waves of attacks relying on zero-day exploits in Microsoft Office, Oracle Sun Java, Adobe Flash Player and Windows itself. For instance, its JHUHUGIT implant was delivered through a Flash zero-day and used a Windows EoP exploit to break out of the sandbox.” states a blog post published by Kaspersky Lab.


The experts spotted a rare modification of the AZZY backdoor, used by the threat actors for reconnaissance purposes. The first versions of the AZZY backdoor were discovered in August; once the attackers compromise a target, they deploy additional backdoors for lateral movement.

“The attackers deploy a rare modification of the AZZY backdoor, which is used for the initial reconnaissance. Once a foothold is established, they try to upload more backdoors, USB stealers as well as other hacking tools such as “Mimikatz” for lateral movement,” continues the post.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, explained that the Sofacy APT group is technically very capable and able to design new hacking tools tailored to a specific target.

“This quick work is a new characteristic of their work, and this stepped up urgency is something that is unusual. In general, APT intrusions can last months or longer, and in these cases, we see Sofacy acting with unusually ramped urgency,” Baumgartner said.

We will continue to follow the operations of the Sofacy APT group, stay tuned …


Pierluigi Paganini

(Security Affairs – Sofacy APT, cyberespionage)
