As the US justice department forges ahead with its investigation into the Trump administration and any possible collusion with Russia, the Fancy Bear hackers continue refining their attacks against global targets. As part of their new phishing campaign, the hackers are capitalising on the recent New York terror attack to trick users into clicking on malicious documents, which in turn infect systems with their malware.
The Kremlin-linked hackers first made headlines during the 2016 US presidential campaign and are now widely considered to have orchestrated the cyberattacks against the US Democratic Party. The cyberespionage group has since been actively involved in various campaigns over the past year, targeting organisations and individuals across the globe.
The Fancy Bears’ most recent campaign, uncovered by security researchers at McAfee, involves the use of a blank malicious document, titled “IsisAttackInNewYork”, which, when clicked, drops Seduploader, the hackers’ first-stage reconnaissance malware dropper. The implant collects basic data from infected PCs and profiles prospective victims. Once the hackers determine that a victim is of interest, the implant then drops Fancy Bears’ customised malware, X-Agent or Sedreco.