Posted on March 24, 2020 at 7:59 AM
Trend Micro security researchers recently reported a newly-discovered phishing campaign, stating that the hackers responsible for the attack work for the Russian government.
Fancy Bear’s new campaign revealed
A Russian cyberespionage group, best known as Fancy Bear, but also called APT28, Sofacy Group, Tsar Team, Pawn Storm, Sednit, and STRONTIUM by different cybersecurity companies, was recently discovered to be involved in a series of phishing attacks, as reported by Trend Micro.
The attacks have all been part of a long campaign in which the group seemingly abandoned its usual methods, at least for this campaign. Previously, the hackers relied on things such as malware infections and zero-day vulnerabilities to conduct their attacks against specific targets, as reported by CyberScoop. This time, however, they used numerous previously hacked emails belonging to high-profile victims in countries around the world.
So far, the hacked emails have been found to belong to individuals in the US, the UAE, India, Jordan, Pakistan, and the like. The hackers would then use these emails to spam numerous other accounts.
Hackers change their approach
As mentioned, the campaign is quite different from how Fancy Bear usually approaches things. In the past, these same hackers have been responsible for hitting the US Democratic National Committee back in 2016, as well as a large number of different hacks before and after this incident.
The group attacked prominent journalists around the world and hacked French television in 2016, as well as the World Anti-Doping Agency in August 2016. It meddled in German and French elections, and in 2018, it also hit conservative groups in the United States, among other things.
The list of hacks goes on and on, as the group seems to have been rather busy.
One thing remains unknown, however: why did the hackers conduct the phishing campaign in this way, when they must have known that researchers would be able to identify them and learn of some of their former conquests? So far, researchers have suggested that they might be trying to evade filtering, although a definitive reason remains unknown.
Trend Micro has been monitoring the hacking group for years, and it will continue to do so in an attempt to uncover and warn about future threats.