The Kremlin-linked unit, known as APT28 or Fancy Bear, weaponized a real Word document.
Last year, the Kremlin-linked unit “Fancy Bear” infiltrated the computer networks of the Democratic National Committee, leaking tens of thousands of emails to the online world. Now they have returned with a new operation targeting potential attendees of an upcoming cybersecurity conference in the US.
This new operation by Fancy Bear used a two-page Word document titled “Conference_on_Cyver_Conflict.doc” that carried a reconnaissance malware known as “Seduploader”. The file was aimed at delegates of CyCon and Cyber Conflict US, and Cisco Talos, which first spotted the malware, has observed a peak in attacks since. If the attack succeeded, the group would attempt to siphon sensitive data from victims’ computers.
Fancy Bear, also tracked as “Group 74”, has been linked to the “Seduploader” malware in the past and regularly uses real-world events as the starting point for attacks. Experts from Talos stated in a joint report on October 22: “The targeted people are linked or interested in the cybersecurity landscape according to the nature of the document”.
General Paul Nakasone, commander of US Army Cyber Command, and former US National Security Agency Director Keith Alexander are among the high-profile speakers billed to talk at CyCon, which is to take place on 7 and 8 November.
Cisco Talos experts said, “In this case, Group 74 or ‘Fancy Bear’ did not use any zero-day exploits, instead only used scripting language embedded within the Word document”. Cybersecurity experts have said the hackers may be associated with Russian intelligence.
The Cisco Talos team also noted: “Hackers will often not use exploits in an effort to avoid researchers finding and patching these, thus eliminating the danger. In the same way, we could suggest they did not use any exploits to ensure viability for any other operations”.
Zero-day exploits take advantage of security flaws in vendors’ and manufacturers’ products before those flaws have been patched. Investigations are under way, according to a US military spokesperson, who added that further details will be published.
A division of the Department of Homeland Security published a report that highlighted Fancy Bear; the report reads: “officials have observed hacking attempts at government entities and organizations in water, aviation, nuclear, energy and critical manufacturing sectors”. Russian intelligence is also linked to these attacks.