New Activities of Fancy Bear Group

Delaware, USA – March 2, 2018 – APT28 hacker group, aka Fancy Bear, recently launched a new cyber espionage campaign aimed at Ministries of Foreign Affairs in North America and European countries. Researchers from Palo Alto found that attackers send spear phishing emails spoofing “events@ihsmarkit.com” which contained a malicious Microsoft Excel document. In the email body they recommended enabling macros in Excel for displaying information in the document. The XLS file was created with Luckystrike open source tool, when macros were enabled, macro from XLS file created the executable loader and launched it. The loader installed modified malware known from past campaigns of this hacker group and established persistence. For this campaign, attackers used newly created command and control infrastructure.

Also, according to news agency dpa, Fancy Bear is behind the hacking of the government network IVBB in Germany. The attack was discovered in December 2017, investigators reported that attackers managed to compromise network at least a year before the discovery.

Attacks of Fancy Bear group target government and military organizations over the world. Attackers use social engineering and adopt successful techniques of other hacker groups, so their attacks are difficult to detect on time. APT Framework SIEM use case enables the most efficient use of your security technologies to detect the activity of APT threats at different stages of Cyber Kill Chain.