Security News > 2020 > September > New Zebrocy Campaign Suggests Russia Continues Attacks on NATO
While some security researchers see Zebrocy as a separate adversary, others have shown connections between various threat actors operating out of Russia, including a link between GreyEnergy and Zebrocy attacks.
Lures employed in these attacks had a NATO-related theme, a recurring motif in APT28 campaigns - the adversary used a similar theme in attacks in 2017.
The intended victim in the new attacks was a specific government body in Azerbaijan, but other NATO members or countries involved in NATO exercises might have been targeted as well.
"QuoINT concludes with medium-high confidence that the campaign targeted a specific government body, at least in Azerbaijan. Although Azerbaijan is not a NATO member, it closely cooperates with the North-Atlantic organizations and participates in NATO exercises. Further, the same campaign very likely targeted other NATO members or countries cooperating with NATO exercises," QuoINT says.
The security researchers also note that this APT28 attack shows striking similarities with a ReconHellcat/ BlackWater attack uncovered last month: the compressed Zebrocy malware and the lure in the BlackWater attack were both uploaded on August 5 by the same user in Azerbaijan, the attacks happened simultaneously, and victimology is similar in both attacks.