Russian state-sponsored hackers have been sniffing Middle East defence firms, warns Trend Micro
The Russian hacking crew known variously as APT28, Fancy Bear and Pawn Storm has been targeting defence companies with Middle Eastern outposts, according to Trend Micro.
A new report from the threat intel firm says that the Russian state-backed hacking outfit went on a spree of targeting defence firms in the Middle East back in May last year.
According to Trend, around 38 per cent of the attacks fired off by the Russians were targeted at defence companies, with banking, construction and government targets making up the main portion of the others.
Further, Trend said APT28 were port-scanning mail servers, including Microsoft Exchange Autodiscover boxen, on TCP ports 443 and 1433 in the hope of finding vulnerable machines to exploit and use as a staging post in their ongoing campaign.
Close examination of APT28's spam-sending tactics revealed that they like using VPNs to try and hide their traces, with Trend stating: "Pawn Storm regularly uses the OpenVPN option of commercial VPN service providers to connect to a dedicated host that sends out spam. The dedicated spam-sending servers used particular domain names in the EHLO command of the SMTP sessions with the targets' mail servers."
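One way to hunt for the EHLO indicator Trend describes, as an added example that is not from Trend Micro or the original article: the name a client announced in EHLO is recorded in the `Received` header your edge MTA writes, so stored mail can be searched for it. The watchlist domain, hostnames and addresses below are constructed placeholders, and the header layout assumed is the Postfix-style `from <name> (<rdns> [<ip>])`.

```python
import re
from email import message_from_string

# Placeholder watchlist (constructed); load the real EHLO domains from the vendor report.
EHLO_WATCHLIST = {"spam-host.example"}

# "from <helo-name> (<rdns-name> [<ip>])" as written by MTAs such as Postfix (assumed layout).
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[0-9A-Fa-f:.]+)\]", re.I)

# Constructed sample message: one internal hop, one external hop with a folded header.
SAMPLE_MESSAGE = """\
Received: from relay.internal.example (relay.internal.example [198.51.100.7])
\tby mbox.internal.example (Postfix) with ESMTP id 4F00000001;
\tThu, 19 Mar 2020 10:00:02 +0000 (UTC)
Received: from MX1.Spam-Host.Example. (unknown [203.0.113.25])
\tby relay.internal.example (Postfix) with ESMTP id 4F00000002;
\tThu, 19 Mar 2020 10:00:01 +0000 (UTC)
From: sender@spam-host.example
Subject: constructed sample

body
"""

def normalise(name):
    """Lower-case a host name and drop surrounding space and a trailing root dot."""
    return name.strip().rstrip(".").lower()

def on_watchlist(helo, watchlist=EHLO_WATCHLIST):
    """True if helo equals a watchlist domain or is a subdomain of one."""
    helo = normalise(helo)
    return any(helo == d or helo.endswith("." + d) for d in watchlist)

def ehlo_hits(raw_message, watchlist=EHLO_WATCHLIST):
    """Return (helo, client_ip) for each Received hop whose EHLO name is watchlisted."""
    msg = message_from_string(raw_message)
    hits = []
    for value in msg.get_all("Received", []):
        # Unfold continuation lines before matching.
        m = RECEIVED_RE.match(" ".join(value.split()))
        if m and on_watchlist(m.group("helo"), watchlist):
            hits.append((normalise(m.group("helo")), m.group("ip")))
    return hits

if __name__ == "__main__":
    for helo, ip in ehlo_hits(SAMPLE_MESSAGE):
        print(f"EHLO indicator match: {helo} from {ip}")
```

Only the `Received` header added by your own edge server is trustworthy; hops recorded before it are supplied by the sender and can be forged.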
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/19/apt28_middle_east/