Most targets were individuals with Gmail addresses
Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee’s computers.
Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004 and attacking targets as diverse as the DNC, the German parliament, and the French TV network TV5Monde.
Other targets have included high-profile figures in Eastern European politics – including Ukrainian leaders, NATO officials and Russian political dissidents.
The Spetsnaz of computer hacking favor phishing attacks and zero-day exploits, according to security researchers at ESET, the Slovakian IT security company:
Most of the targets uncovered by ESET’s research have Gmail addresses, the majority of which belong to individuals. Individual targets included political leaders and heads of police of Ukraine, members of NATO institutions, members of the People’s Freedom Party, Russia’s People’s Freedom Party, Russian political dissidents ‘Shaltay Boltai,’ an anonymous Russian group known to release private emails of Russian politicians, journalists based in Eastern Europe, academics visiting Russian universities, and Chechen organizations.
The group exploited no fewer than six zero-day vulnerabilities in the likes of Windows, Adobe Flash and Java last year alone, according to ESET. “A run-of-the-mill criminal gang would be unlikely to make use of quite so many previously unknown, unpatched vulnerabilities because of the significant skill, time and resources required to properly uncover and exploit them,” it concludes.
The first part of ESET’s planned three-part white paper into Sednit can be found here [PDF]. ®