Level 75
Researchers at Palo Alto spotted a new campaign of the Russian Fancy Bear APT using a new Mac OS X Trojan against companies in the aerospace industry.

In the last weeks, we have discussed a lot about a string of attacks that targeted the US Democratic National Committee (DNC), security experts collected evidence of the involvement of Russian nation-state actors.

In particular, security experts at threat intelligence firm ThreatConnect have conducted an analysis on the IP addresses listed in the flash alert issued in August by the FBI that warned about two cyber attacks against the election systems in two U.S. states.

The experts from ThreatConnect discovered some connections to a Russian threat actor alleged linked to the Government of Moscow. One of the domains hosting the phishing content was registered with an email address associated with a domain known to be used by the infamous APT28 group (aka Fancy Bear, Pawn Storm, Sednit, Sofacy).

Full Article.