FireEye recently detected a new, highly targeted attack run by APT28 that exploited two zero-day flaws to compromise an “international government entity”.

Security experts at FireEye have recently detected a new cyber espionage campaign operated by the Russian APT28 group. This time the hackers ran a highly targeted attack, chaining two zero-day vulnerabilities to compromise an “international government entity”.


In October 2014, the experts at FireEye published a report on the activity of a group of Russian hackers, dubbed APT28, that is behind long-running cyber espionage campaigns targeting US defense contractors, European security organizations and Eastern European government entities.

The hackers also targeted attendees of European defense exhibitions, including EuroNaval 2014, EUROSATORY 2014, the Counter Terror Expo and the Farnborough Airshow 2014.

In this campaign, APT28 took advantage of a vulnerability in Adobe Flash Player and a separate vulnerability in the Windows operating system. As the Reuters account below makes clear, the two play different roles: the Flash flaw provides the initial code execution, while the Windows flaw is a privilege escalation that lets the attacker move from an ordinary user account to higher privileges on the compromised machine. Patching Flash therefore breaks the chain, but the Windows bug remains valuable to any attacker who gains a foothold by other means.

“FireEye said that Adobe had issued a fix for the security weakness on Tuesday, so that users with the most current versions should be protected. The Microsoft problem by itself is less dangerous, since it involves enhanced powers on a computer from those of an ordinary user,” Reuters reported.

The Windows vulnerability was still unpatched at the time of writing; a Microsoft spokesman confirmed the issue and added that the company was working on a fix. Until that patch ships, the practical mitigation is to keep Flash Player current and to limit exposure of the browser plugin, since the escalation bug alone does not give an attacker remote code execution.

Investigators at several security firms believe that APT28 was responsible for a serious breach of U.S. State Department computers in November 2014, and the experts speculate that the team also compromised an unclassified network at the White House, accessing sensitive information including President Obama’s schedule.

FireEye has not confirmed that APT28 is behind either incident.

FireEye researchers collected evidence linking the APT28 group to the Russian Government. According to FireEye, the team “does not appear to conduct widespread intellectual property theft for economic gain, but instead is focused on collecting intelligence that would be most useful to a government.”

“APT28 appeared to target individuals affiliated with European security organizations and global multilateral institutions. The Russian government has long cited European security organizations like NATO and the OSCE as existential threats, particularly during periods of increased tension in Europe,” FireEye reported.

APT28 has been active since at least 2007 and has targeted governments, militaries, and security organizations. The group has focused its hacking campaigns on targets of interest to Russia, such as the Caucasus region, with particular attention to Georgia.

Stay Tuned …

Pierluigi Paganini