The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated over SMTP.
German media companies victims of Russian state-sponsored cyber attacks. Sandworm targeted ZDF and WDR
German media companies have been victims of Russian cyber attacks. Deutsche Welle reported on the recent cases of ZDF and WDR. The state-sponsored hacker group Sandworm attacked the IT networks of both media companies in early June, AFP added, with reference to excerpts from Der Spiegel’s as-yet unpublished material. The first company confirmed the cyber attack, while the second declined to comment for security reasons. ZDF clarified, however, that fewer than ten of its computers were attacked and that no data was leaked. Two weeks ago, the Federal Office for the Protection of the Constitution reported that German media companies and organizations engaged in chemical weapons research had become targets of professional cyber attacks traced back to Sandworm. Der Spiegel reported that a Swiss laboratory that analyzed the poison used against former Russian spy Sergei Skripal in the UK was one of the targets.
Sandworm is believed to be run by Russian GRU. In Germany, the BND warned of the potential cyber threats facing several key bodies
Sandworm is a hacking group believed to be run by Russia’s military intelligence service, the GRU. According to US federal investigators, the malicious hackers are also suspected of being behind the attack on the US Democrats’ servers during the 2016 presidential election. The Russian group first appeared in 2013 and, according to the German intelligence service BND, has targeted NATO servers, several western telecom companies and Ukrainian energy suppliers. Moreover, a couple of weeks ago the BND had warned of the potential cyber threats facing several key bodies in Germany, including the country’s public broadcasters and media companies. It’s not clear whether this warning came before or after the cyber attacks against ZDF and WDR, but it confirms once again that the European country is in the middle of a malicious and persistent cyber campaign from the East.