While the world was focused on the US midterm elections, a prominent Russian threat group was busy refining its phishing techniques to widen its reach. If you remember the 2016 attack on the Democratic National Committee, you already know this group: Sofacy, better known as Fancy Bear, and also tracked as APT28, Sednit, Pawn Storm and Tsar Team. It is known for constantly updating its tooling, techniques and targeting.
What is Sofacy Hacker Group?
Sofacy is a cyber-espionage group that is widely assessed to be linked to Russian military intelligence. Active since the mid-2000s, it has consistently targeted military, political and security organizations, using spear-phishing, custom malware and zero-day exploits to compromise them. Publicly attributed Sofacy operations include intrusions at the German parliament, the French television network TV5Monde, the White House, the Organization for Security and Co-operation in Europe, NATO and the campaign of French presidential candidate Emmanuel Macron. So why is the group back in the spotlight?
Sofacy Group: Harnessing the Power of Zebrocy
As noted above, this group constantly updates its toolset, and it is now using a malware family named Zebrocy. Zebrocy is delivered through phishing emails carrying malicious Microsoft Office documents, some with embedded macros and some with executable attachments. Using this platform lets the group cast a wider net.
This is unusual, because Sofacy has historically gone after a small set of individuals inside a single organization, typically people doing related work such as staff in a security office or in a political campaign. This time, however, the targets were foreign-affairs bodies of several governments spread across different geopolitical regions.
On top of this, the group has adopted the Dynamic Data Exchange (DDE) attack technique documented by McAfee, in which a crafted Office field instruction makes the application launch an external command without any macros. The known instances differ from one another, which makes them hard to catch with a single signature.
The DDE technique was used to deliver and install a new Zebrocy variant written in C++, and also to deliver a second payload, Koadic, an open-source penetration-testing toolkit.
Sofacy had not used Koadic before. Koadic is a JScript-based remote administration tool (RAT) built to let an operator control and maintain access to Windows hosts compromised by any means.
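To make the two delivery tricks concrete (macro-laden Office lures in the Zebrocy section above, and DDE field codes here), the following is an added example, not code from this page, from McAfee, from Palo Alto Networks or from any Sofacy sample. It scans a .docx package for a VBA macro project and for DDE/DDEAUTO field instructions, reassembling instructions that are split across several runs, a trick that defeats naive string matching on the raw XML. The helper names, the in-memory sample documents and the placeholder command are all assumptions made for the demonstration.

```python
"""
Scan a .docx for the two Office delivery tricks described above: an embedded
VBA macro project and DDE / DDEAUTO field codes. Added example, not code from
the page or from any vendor report. The sample documents are constructed
in-memory below and are not real Sofacy lures.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{" + W_NS + "}"
# Field instructions may be split across runs ("DDEAU" + "TO ...") and may be
# mixed-case, so match on the reassembled, whitespace-normalised instruction.
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)


def _field_instructions(xml_bytes):
    """Yield the full instruction text of every field in one WordprocessingML part."""
    root = ET.fromstring(xml_bytes)
    # Simple fields keep the instruction in an attribute.
    for fld in root.iter(W + "fldSimple"):
        yield fld.get(W + "instr", "")
    # Complex fields: fldChar begin, instrText runs, fldChar separate/end,
    # possibly nested (e.g. a QUOTE field wrapping the DDE field).
    depth, buf = 0, []
    for el in root.iter():
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                depth += 1
            elif kind == "end":
                depth -= 1
                if depth == 0 and buf:
                    yield "".join(buf)
                    buf = []
        elif el.tag == W + "instrText" and depth > 0:
            buf.append(el.text or "")
    if buf:  # field never terminated; still report what was collected
        yield "".join(buf)


def find_dde_fields(docx_bytes):
    """Return (part_name, instruction) for every DDE/DDEAUTO field in the document."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            # Fields can hide in headers, footers, footnotes and endnotes, not
            # just the body, so scan every WordprocessingML part.
            if name.startswith("word/") and name.endswith(".xml"):
                for instr in _field_instructions(z.read(name)):
                    norm = " ".join(instr.split())
                    if DDE_RE.search(norm):
                        hits.append((name, norm))
    return hits


def has_vba_project(docx_bytes):
    """True if the package carries a VBA macro project (the .docm-style payload)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return "word/vbaProject.bin" in z.namelist()


def build_sample_docx(field_runs, with_macros=False):
    """Build a minimal package (constructed test input, not a complete Word
    file) holding one complex field whose instruction is split across runs."""
    runs = "".join(
        '<w:r><w:instrText xml:space="preserve">%s</w:instrText></w:r>' % escape(t)
        for t in field_runs
    )
    body = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="%s"><w:body><w:p>'
        '<w:r><w:fldChar w:fldCharType="begin"/></w:r>%s'
        '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
        '<w:r><w:t>Click to update</w:t></w:r>'
        '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
        '</w:p></w:body></w:document>' % (W_NS, runs)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\x00")  # placeholder, not a real project
    return buf.getvalue()


# Constructed samples. The DDE command is a harmless placeholder.
DDE_SAMPLE = build_sample_docx(["DDEAU", 'TO c:\\windows\\system32\\cmd.exe "/k echo dde"'])
MACRO_SAMPLE = build_sample_docx(['DATE \\@ "dd/MM/yyyy"'], with_macros=True)
CLEAN_SAMPLE = build_sample_docx(['DATE \\@ "dd/MM/yyyy"'])

if __name__ == "__main__":
    for label, doc in [("dde", DDE_SAMPLE), ("macro", MACRO_SAMPLE), ("clean", CLEAN_SAMPLE)]:
        print(label, "vba:", has_vba_project(doc), "dde:", find_dde_fields(doc))
```

The scanner deliberately reassembles each field's instruction before matching, because the raw XML of the constructed DDE sample never contains the literal string "DDEAUTO"; a grep over document.xml would miss it. In a mail gateway or sandbox this check belongs alongside, not instead of, detonation, since a DDE field only fires after the user accepts Word's update prompts.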
There is More
If the reports are to be trusted, the group has shifted from a quiet, targeted style to a shotgun approach. That is common among low-level, financially motivated attackers, but not among groups like Sofacy. They have embarked on a spree to compromise more victims, and the worst part is that they are using freely available tools and parallel attack campaigns to spread the operation globally. According to Palo Alto Networks, Sofacy is experimenting with other attack methods, which bodes ill for users worldwide.
Techniques Used By Sofacy
If experts are to be trusted, Sofacy is not limited to one version of Zebrocy but is using related platforms as well. For initial access they rely on spear-phishing campaigns that are hard to spot. They also exploit zero-day vulnerabilities and drop malware from websites disguised as news delivery sites. They are adept with several malware families, including ADVSTORESHELL, CHOPSTICK, JHUHUGIT and XTunnel, so it should come as no surprise if they show up with new techniques.
The Final Verdict
Sofacy was active and successful throughout 2018, so we should expect nothing less from them this year. They have also been quiet for a few months and are most likely preparing a comeback. We therefore need to strengthen our security practices, or this group will add another feather to its cap and leave us with nothing but regrets.