Information Security News mailing list archives
APT28-linked trojan being developed in multiple programming languages, research shows
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 19 Dec 2018 06:18:19 +0000 (UTC)
https://www.cyberscoop.com/sofacy-apt28-zebrocy-go-palo-alto-networks/
By Zaid Shoorbajee
CYBERSCOOP
December 18, 2018
An elite Russia-linked hacking group is creating multiple versions of one of its go-to malicious tools in an apparent attempt to make its activity harder to detect, according to research published Tuesday by Palo Alto Networks.
The company's Unit42 threat intelligence team says that the hacker group Sofacy, also known as APT28, Fancy Bear and many other names, has been spotted using a version of the Zebrocy trojan written in the "Go" programming language in multiple phishing campaigns. The findings add to a list of Zebrocy variants written in different types of code.
Researchers and Western governments have largely attributed APT28 to Russian intelligence services.
"The use of a different programming language to create a functionally similar Trojan is not new to this group, as past Zebrocy variants have been developed in AutoIt, Delphi, VB.NET, C# and Visual C++," the researchers wrote. "While we cannot be certain the impetus for this, we believe the threat group uses multiple languages to create their Trojans to make them differ structurally and visually to make detection more difficult."
[...]
