
Russian state-sponsored hackers have been sniffing Middle East defence firms, warns Trend Micro
2020-03-19 19:42

The Russian hacking crew known variously as APT28, Fancy Bear and Pawn Storm has been targeting defence companies with Middle Eastern outposts, according to Trend Micro.

A new report from the threat intel firm says that the Russian state-backed hacking outfit went on a spree of targeting defence firms in the Middle East back in May last year.

According to Trend, around 38 per cent of the attacks fired off by the Russians were targeted at defence companies, with banking, construction and government targets making up the main portion of the others.

Further, Trend said APT28 were port-scanning mail servers, including Microsoft Exchange Autodiscover boxen, on TCP ports 443 and 1433 in the hope of finding vulnerable machines to exploit and use as a staging post in their ongoing campaign.

Close examination of APT28's spam-sending tactics revealed that they like using VPNs to try and hide their traces, with Trend stating: "Pawn Storm regularly uses the OpenVPN option of commercial VPN service providers to connect to a dedicated host that sends out spam. The dedicated spam-sending servers used particular domain names in the EHLO command of the SMTP sessions with the targets' mail servers."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/19/apt28_middle_east/