Auteur Sujet: [FireEye]APT28: A Window into Russia's Cyber Espionage Operations?  (Lu 176 fois)

0 Membres et 1 Invité sur ce sujet

Hors ligne igor51

  • Admin
  • Mega Power Members
  • *****
  • Messages: 10275
APT28: A Window into Russia's Cyber Espionage Operations?

The role of nation-state actors in cyber attacks was perhaps most
  widely revealed in February 2013 when Mandiant released the     target="_blank" href="http://www.mandiant.com/apt1">APT1 report,
  which detailed a professional cyber espionage group based in China.
  Today we release a new report:     href="https://www2.fireeye.com/apt28.html">APT28: A Window Into
    Russia’s Cyber Espionage Operations?


 

This report focuses on a threat group that we have designated as
  APT28. While APT28’s malware is fairly well known in the cybersecurity
  community, our report details additional information exposing ongoing,
  focused operations that we believe indicate a government sponsor based
  in Moscow.


 

In contrast with the China-based threat actors that FireEye tracks,
  APT28 does not appear to conduct widespread intellectual property
  theft for economic gain. Instead, APT28 focuses on collecting
  intelligence that would be most useful to a government. Specifically,
  FireEye found that since at least 2007, APT28 has been targeting
  privileged information related to governments, militaries and security
  organizations that would likely benefit the Russian government.


 

In our report, we also describe several malware samples containing
  details that indicate that the developers are Russian language
  speakers operating during business hours that are consistent with the
  time zone of Russia’s major cities, including Moscow and St.
  Petersburg. FireEye analysts also found that APT28 has systematically
  evolved its malware since 2007, using flexible and lasting platforms
  indicative of plans for long-term use and sophisticated coding
  practices that suggest an interest in complicating reverse engineering efforts.


 

We assess that APT28 is most likely sponsored by the Russian
  government based on numerous factors summarized below:


 


        width="569" height="426" alt="Table for APT28"
      src="https://www.fireeye.com/content/dam/legacy/blog/2014/10/Table-for-APT28.jpg" class="aligncenter  wp-image-6770 landscape-med" />


 

FireEye is also releasing indicators to help organizations detect
  APT28 activity. Those indicators can be downloaded at     target="_blank" href="https://github.com/fireeye/iocs">https://github.com/fireeye/iocs.


 

As with the APT1 report, we recognize that no single entity
  completely understands the entire complex picture of intense cyber
  espionage over many years. Our goal by releasing this report is to
  offer an assessment that informs and educates the community about
  attacks originating from Russia. The complete report can be downloaded
  here: /content/dam/legacy/resources/pdfs/apt28.pdf.


Source: APT28: A Window into Russia's Cyber Espionage Operations?

Security-X


Tags: