
Russian APT29 hackers' stealthy malware undetected for years
2022-01-27 14:23

EXCLUSIVE: Hackers associated with the Russian Federation Foreign Intelligence Service continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats.

In a report shared exclusively with BleepingComputer, cybersecurity company CrowdStrike today describes in detail the latest tactics, techniques, and procedures observed in cyberattacks from the Cozy Bear state-sponsored hackers.

During their incident response work on APT29 StellarParticle attacks, CrowdStrike's researchers used the User Access Logging database to identify earlier malicious account usage, which led to finding the GoldMax for Linux and TrailBlazer malware.

Tim Parisi, Director of Professional Services at CrowdStrike, told BleepingComputer that the covert activity of the two malware pieces delayed their discovery: the researchers only found them in mid-2021.

After gaining access to a target organization's infrastructure and establishing persistence, APT29 hackers took every opportunity to collect intelligence that would allow them to further the attack.

Cozy Bear hackers are some of the most sophisticated threat actors in the cyber espionage world, with top skills to infiltrate and stay undetected on a company's infrastructure for long periods.

News URL

https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-stealthy-malware-undetected-for-years/