
Slovakia: Dissection of Sednit espionage group.

ESET researchers today announce the staggered release of their extensive three-part research paper En Route with Sednit. This infamous group of cyber-attackers, also known as APT28, Fancy Bear and Sofacy, has been operating since 2004; its main objective is stealing confidential information from specific targets.

En Route with Sednit: Approaching the Target focuses on whom its phishing campaigns are aimed at, the attack methods used, and the first-stage malware we call SEDUPLOADER, which is composed of a dropper and its associated payload.

En Route with Sednit: Observing the Comings and Goings covers Sednit's activities since 2014 and looks at its espionage toolkit, used for the long-term monitoring of compromised computers via two spying backdoors, SEDRECO and XAGENT, plus the network tool XTUNNEL.

En Route with Sednit: A Mysterious Downloader describes the first-stage software named DOWNDELPH, which, according to our telemetry data, has been deployed only seven times. Of note, some of these deployments employed advanced persistence methods: a Windows bootkit and a Windows rootkit.

"ESET's ongoing interest in these malevolent activities was born from the detection of an impressive number of custom software deployed by the Sednit group over the last two years," said Alexis Dorais-Joncas, the ESET Security Intelligence team lead dedicated to exploring the mystery behind the Sednit group. "Sednit's arsenal is in constant development; the group deploys brand-new software and techniques on a regular basis, while their flagship malware has also evolved significantly over the last years."

According to ESET researchers, data collected from Sednit phishing campaigns shows that more than 1,000 high-profile individuals involved in Eastern European politics were attacked. "Moreover, Sednit group, unlike any other espionage group before, developed its own exploit kit and deployed a surprisingly high number of 0-day exploits," concluded Dorais-Joncas.

Over the past several years, the group's high-profile activities have attracted considerable interest from many researchers in this field. Hence, the intended contribution of this document is to provide a readable technical description, with tightly grouped indicators of compromise (IOCs), that researchers and defenders tasked with analyzing Sednit detections can use immediately.

(c) 2016 Al Bawaba (provided by SyndiGate Media Inc.).

COPYRIGHT 2016 SyndiGate Media Inc.

Publication: Mena Report
Date: Oct 21, 2016