Information Security News mailing list archives

APT28-linked trojan being developed in multiple programming languages, research shows


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 19 Dec 2018 06:18:19 +0000 (UTC)

https://www.cyberscoop.com/sofacy-apt28-zebrocy-go-palo-alto-networks/

By Zaid Shoorbajee
CYBERSCOOP
December 18, 2018

An elite Russia-linked hacking group is creating multiple versions of one of its go-to malicious tools in an apparent attempt to make its activity harder to detect, according to research published Tuesday by Palo Alto Networks.

The company's Unit42 threat intelligence team says that the hacker group Sofacy, also known as APT28, Fancy Bear and many other names, has been spotted using a version of the Zebrocy trojan written in the "Go" programming language in multiple phishing campaigns. The findings add to a list of Zebrocy variants written in different programming languages.

Researchers and Western governments have largely attributed APT28 to Russian intelligence services.

"The use of a different programming language to create a functionally similar Trojan is not new to this group, as past Zebrocy variants have been developed in AutoIt, Delphi, VB.NET, C# and Visual C++," the researchers wrote. "While we cannot be certain the impetus for this, we believe the threat group uses multiple languages to create their Trojans to make them differ structurally and visually to make detection more difficult."

[...]


