Fancy Bear uses hacked email in new campaign

Tomcat



Since at least May last year, the APT group Fancy Bear (also known as APT28 and Pawn Storm) has been using hacked mailboxes belonging to the leadership of the Middle East defense industry and transport companies, as well as government officials, in its operations.

As Trend Micro security researcher Feike Hacquebord explained, the attackers connect to a dedicated server through the OpenVPN option offered by a commercial VPN service, then use the compromised credentials to log in to the e-mail services and send out malicious emails ...

The accounts of high-ranking officials were hacked by members of the APT group during previous campaigns. Why the group would take such a risk and expose the results of its earlier successes by sending from the hacked mailboxes of company executives is still unknown. According to Hacquebord, the attackers are likely willing to sacrifice information about their past campaigns in order to bypass spam filters.

“However, we did not notice significant changes in the successful delivery of incoming messages in group spam mailings, which makes it difficult to understand the reasons for the change in methodology,” said the researcher.

Hacquebord suggests that the change in methodology may be related to unknown new techniques at Fancy Bear's disposal that do not involve the use of malware.
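
A defender-side check for the pattern described above (a mailbox login from a commercial VPN exit, followed by outbound mail from the same address), as an added example that is not part of the original post. The VPN ranges, event fields, thresholds and log entries are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed input: CIDR ranges of commercial VPN / hosting providers
# (documentation ranges are used here as placeholders).
VPN_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/25")]

# Constructed mail-service events: (timestamp, kind, account, source IP, recipient count)
EVENTS = [
    ("2024-01-10T08:01:00", "login", "ceo@example.org", "192.0.2.10", 0),
    ("2024-01-10T08:05:00", "send", "ceo@example.org", "192.0.2.10", 2),
    ("2024-01-10T23:40:00", "login", "ceo@example.org", "203.0.113.77", 0),
    ("2024-01-10T23:44:00", "send", "ceo@example.org", "203.0.113.77", 40),
    ("2024-01-10T23:50:00", "send", "ceo@example.org", "203.0.113.77", 35),
    ("2024-01-11T09:00:00", "login", "ops@example.org", "198.51.100.5", 0),
    ("2024-01-11T12:30:00", "send", "ops@example.org", "198.51.100.5", 50),
]

def in_vpn_range(ip, ranges=VPN_RANGES):
    """True if the address falls inside any listed VPN/hosting range."""
    addr = ip_address(ip)
    return any(addr in net for net in ranges)

def find_suspicious_sessions(events, ranges=VPN_RANGES,
                             window=timedelta(minutes=30), min_rcpts=20):
    """Return (account, ip, total_recipients) for logins from a VPN range that the
    account has not logged in from before and that are followed, within `window`,
    by sends from the same IP reaching at least `min_rcpts` recipients."""
    seen_ips = {}   # account -> IPs seen on earlier logins
    pending = {}    # (account, ip) -> [login time, recipients counted so far]
    for ts, kind, account, ip, rcpts in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if kind == "login":
            known = seen_ips.setdefault(account, set())
            if ip not in known and in_vpn_range(ip, ranges):
                pending[(account, ip)] = [when, 0]
            known.add(ip)
        elif kind == "send" and (account, ip) in pending:
            start, _ = pending[(account, ip)]
            if when - start <= window:
                pending[(account, ip)][1] += rcpts
    return [(a, ip, n) for (a, ip), (_, n) in pending.items() if n >= min_rcpts]

if __name__ == "__main__":
    for account, ip, total in find_suspicious_sessions(EVENTS):
        print(f"review: {account} logged in from VPN exit {ip}, then mailed {total} recipients")
```

Because the sending account is legitimate, content-based spam filtering sees a trusted sender; correlating login source with send volume is one signal that does not depend on the message itself.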
 