A well-known Russian cyber-espionage group has subtly changed its modus operandi, moving to what security researchers from Palo Alto Networks are calling "parallel attacks."
These new "parallel attacks" are in stark contrast with what security researchers from multiple cyber-security firms have previously seen from Sofacy, a well-known APT (advanced persistent threat, a term used to describe nation-state hackers).
For the past few years, this group, which has also been known under names like APT28, Sednit, Fancy Bear, Pawn Storm, and Tsar Team, has operated in a similar manner by targeting a small number of users inside an organization, usually with the same exploit chain and the same malware.
Sofacy widens attack arsenal for increased infection rate
But in a report published yesterday, Palo Alto researchers revealed that the group has evolved from this stealthier tactic to a shotgun approach, regularly seen in the tactics of financially motivated hackers.
The first thing that jumped out to researchers is that instead of targeting a few key individuals inside an organization, the group is targeting a larger number of victims.
"The targeted individuals did not follow any significant pattern, and the email addresses were found easily using web search engines," said Palo Alto researchers Bryan Lee and Robert Falcone.
"This is a stark contrast with other attacks commonly associated with the Sofacy group where generally no more than a handful of victims are targeted within a single organization in a focus-fire style of attack."