CISA-FBI cybersecurity experts: The malware has been involved in more than 400 aggressions on U.S. and international organizations.
Cluster 25: APT28 now exploits the SkinnyBoy backdoor to target. ministries of Foreign Affairs, embassies, defense industry and the military sector. The Russia-linked APT spreads the malware via spear phishing campaigns on a international scientific event in Spain
SkinnyBoy is a new malware exploited by APT28 (aka Fancy Bear, Sednit, Sofacy, Strontium, PwnStorm) to compromise targets via spear phishing campaigns. It has been discovered by Cluster 25 cybersecurity experts. The Russia-linked APT use the backdoor for an intermediary stage of the attack, to collect information about the victim and to retrieve the next payload from the command and control (C2) server. The malicious hackers likely started this campaign at the beginning of March, focusing on ministries of Foreign Affairs, embassies, defense industry and the military sector. The lure is a message with a spoofed invitation to an international scientific event in Spain.