
Sofacy NotSoGood: Time to switch up our Trojan-slinging tactics

US gov employee sent dodgy attachment by 'foreign ministry'

A hacking group linked by researchers to the Kremlin has switched its tactics as part of a new attack against the United States government.

A spear phishing email from the Sofacy group (also known as APT28) was sent to a "US government entity" from a potentially compromised account belonging to the Ministry of Foreign Affairs of what was described only as "another government entity". The message came booby-trapped with the Carberp variant of the Sofacy Trojan.

“The threat actor added a new persistence mechanism into the Trojan, which had not been observed in previous attacks,” according to security researchers at Palo Alto Networks’ threat intelligence group, Unit 42. “The new variant requires user interaction, loading its payload into Microsoft Office applications when opened, helping the actors to evade detection.”

More details on the attack can be found in a blog post by Palo Alto Networks' Unit 42.

APT28 has previously been blamed for attacks against Georgia, governments in Eastern Europe, NATO and the Organisation for Security and Co-operation in Europe. ®
