The infamous Russian threat group known as APT28 or Pawn Storm has spent the past year scanning for vulnerable email, Microsoft SQL Server and Directory Services servers, in what appears to be something of a change in tactics.

The APT group, also known as Sednit, Sofacy and Strontium, has been responsible for some of the most explosive cyber-espionage campaigns of recent years, stealing sensitive information from the Democratic National Committee (DNC) that Hillary Clinton has claimed helped Donald Trump to power.

In line with the wishes of its Kremlin masters, the group also hacked the World Anti-Doping Agency (WADA) multiple times after a massive state-sponsored doping scheme came to light.

The group commonly favors spear-phishing and malware to infiltrate targeted organizations. However, Trend Micro claimed in a new report on Thursday that the group spent much of 2019 scanning port 443 for exposed email servers and Microsoft Exchange Autodiscover servers across the globe.

After finding vulnerable systems, the group looked to brute force credentials, exfiltrate email data and send out more spam waves, according to the report.

On the receiving end were traditional APT28 targets such as military and defense organizations, governments, law firms, political parties and universities, but also more unusual ones such as private schools in France and the UK, and even a kindergarten in Germany.

The group also scanned for TCP ports 445 and 1433 to find vulnerable global servers running Microsoft SQL Server and Directory Services, Trend Micro revealed.
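For defenders, the pattern reported above (one source touching many hosts on ports 443, 445 and 1433, then failing logins for many accounts) can be looked for in connection and authentication logs. The following is an added example, not taken from the Trend Micro report or the original article; the log format, thresholds, HTTP status convention and addresses are constructed assumptions.

```python
from collections import defaultdict

# Ports named in the report: 443 (mail / Autodiscover), 445 and 1433.
WATCHED_PORTS = {443, 445, 1433}

# Constructed records, not real telemetry. Assumed format:
#   "<epoch> <src> <dst> <dport> conn -"  or  "... auth <account>:<http_status>"
SAMPLE_LOG = """\
1000 203.0.113.7 198.51.100.10 443 conn -
1003 203.0.113.7 198.51.100.12 1433 conn -
1004 203.0.113.7 198.51.100.13 445 conn -
1010 203.0.113.7 198.51.100.10 443 auth alice:401
1011 203.0.113.7 198.51.100.10 443 auth bob:401
1012 203.0.113.7 198.51.100.10 443 auth carol:401
1013 203.0.113.7 198.51.100.10 443 auth carol:200
1020 192.0.2.44 198.51.100.10 443 conn -
1021 192.0.2.44 198.51.100.10 443 auth dave:401
1022 192.0.2.44 198.51.100.10 443 auth dave:200
"""

def analyze(log_text, min_hosts=3, min_failed_accounts=3):
    """Flag sources that fan out over many hosts on the watched ports or
    fail logins for many distinct accounts."""
    hosts = defaultdict(set)    # src -> distinct destinations contacted
    failed = defaultdict(set)   # src -> accounts that returned 401
    ok = defaultdict(set)       # src -> accounts that returned 200
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[3].isdigit():
            continue            # skip malformed records
        _, src, dst, dport, event, detail = parts
        if int(dport) not in WATCHED_PORTS:
            continue
        if event == "conn":
            hosts[src].add(dst)
        elif event == "auth" and ":" in detail:
            account, status = detail.rsplit(":", 1)
            if status == "401":
                failed[src].add(account)
            elif status == "200":
                ok[src].add(account)
    findings = {}
    for src in set(hosts) | set(failed):
        scan = len(hosts[src]) >= min_hosts
        brute = len(failed[src]) >= min_failed_accounts
        if scan or brute:
            hit = sorted(failed[src] & ok[src])  # accounts that both failed and succeeded
            findings[src] = {"scan": scan, "brute_force": brute, "review": hit}
    return findings
```

Accounts listed under `review` are candidates for a password reset and mailbox access audit, since a success following many failures from the same source is consistent with a guessed credential.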

Another tactic deployed last year was to use the previously compromised email accounts of high-profile targets to send out phishing emails to their contacts. Defense companies in the Middle East were the main targets.

It’s unclear why the group changed tack in this way: Trend Micro suggests it could be an attempt to evade spam filters. However, the vendor said these tactics failed to result in significantly more inbox deliveries.
