A zip attachment contains an img with an exe: the malware. The other, a PDF, downloads a zip with an exe: the same malware. The data is exfiltrated via SMTP.
EU governments targeted by Russian hackers ahead of European Parliament elections
FireEye: Russian hackers are targeting EU government systems ahead of the European Parliament elections. APT28 and Sandworm are running spear phishing campaigns for cyber espionage against governments, political parties and candidates
Russian hackers are targeting EU government systems ahead of the European Parliament elections (May 23-26). FireEye cyber security experts made the discovery, according to Computer Weekly. APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and Strontium) and Sandworm have been sending authentic-looking spear phishing emails to officials. The goal is cyber espionage: stealing sensitive information about governments, political parties and candidates ahead of the vote. To increase their chances of success, the two APTs register and use internet domains similar to those that are familiar to and trusted by the recipients. For example, targets have been sent emails containing links which could appear to direct to real government websites. The emails also display a sender that appears to be genuine. The victim is thus lured into opening the malicious attachments and links. Sometimes they use malware to infiltrate the user's system.
Brussels is working together with major cyber security players, such as Google, and with ENISA to counter malicious actors and APTs
The next EU Parliament elections are critical, as they could increase or reshape the splits within the European Union, determining the future of Europe. That's why Brussels and the major cyber security players are working together to protect them, especially against state-sponsored hackers such as APT28 and Sandworm. Google has deployed Project Shield, Alphabet's anti-DDoS service developed by Jigsaw. Furthermore, the company has fielded the "Protect Your Election" initiative, which also gives training and Google account security tools to officials, candidates, and journalists, as well as providing a tool called "Perspective" to automatically detect abusive online comments. ENISA, the European Union Agency for Network and Information Security, issued some recommendations on how to strengthen cyber defense, underlining that there is a high risk of attempts at meddling by cyber means, especially on the public political campaigning side.