Privacy News: Sofacy APT Has Subtly Changed Tactics ("parallel attacks")

LASER_oneXM

A well-known Russian cyber-espionage group has subtly changed its modus operandi, moving to what security researchers from Palo Alto Networks are calling "parallel attacks."

These new "parallel attacks" are in stark contrast with what security researchers from multiple cyber-security firms have previously seen from Sofacy, a well-known APT (advanced persistent threat —a term used to describe nation-state hackers).

For the past few years, this group —which has also been known under names like APT28, Sednit, Fancy Bear, Pawn Storm, and Tsar Team— has operated in a similar manner by targeting a small number of users inside an organization, usually with the same exploit chain and the same malware.

Sofacy widens attack arsenal for increased infection rate

But in a report published yesterday, Palo Alto researchers have revealed that the group has evolved from this stealthier tactic to a shotgun approach, regularly seen in the tactics of financially motivated hackers.


The first thing that jumped out to researchers is that instead of targeting a few key individuals inside an organization, the group is targeting a larger number of victims.


"The targeted individuals did not follow any significant pattern, and the email addresses were found easily using web search engines," said Palo Alto researchers Bryan Lee and Robert Falcone.


"This is a stark contrast with other attacks commonly associated with the Sofacy group where generally no more than a handful of victims are targeted within a single organization in a focus-fire style of attack."