Thursday, November 26, 04:50

APT28: Scans the Internet for vulnerable email servers for a year

According to the security company Trend Micro, one of Russia's top state-sponsored hacking groups has spent the past year scanning the Internet for vulnerable email servers. The company published a report yesterday on the activities of the hacking group APT28, also known as Fancy Bear, Sednit and Pawn Storm.

The group is believed to operate on behalf of Russia's military intelligence service, the GRU. It has been active since 2004 and is one of the two Russian groups that breached the email servers of the Democratic National Committee (DNC) in 2016.

APT28 is one of the most significant, but also one of the oldest, state-sponsored hacking groups. For this reason researchers have been able to record and analyze its activity in depth, and APT28 appears in many security research reports.

According to these reports, APT28's main weapon over the past decade has been spear-phishing. Using carefully crafted emails aimed at selected targets, sometimes carrying zero-day exploits, APT28 has infected numerous victims with malware over the last 15 years.

Scanning the Internet for vulnerable email servers

According to Trend Micro's latest report, APT28 has slightly changed its operations and the methods it uses.

Spear-phishing attacks and malware remain in use, but over the last year the group has added Internet-wide scanning for vulnerable email servers (webmail and Microsoft Exchange Autodiscover servers), probing TCP ports 445 and 1433, the ports normally used by SMB and Microsoft SQL Server.
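The defender's side of this activity is visible in perimeter firewall logs: one external source touching many of your hosts on the same port. The following detection script is an added example, not code from the article or from Trend Micro; it runs over constructed sample log lines in a hypothetical firewall format (RFC 5737 test addresses) and flags sources that probe many distinct hosts on tcp/445 or tcp/1433, listing which hosts answered (ALLOW), i.e. which ones are actually exposed.

```python
"""Detect Internet-wide probing of email-server ports in firewall logs.

Added example, not from the Trend Micro report or the article. It flags a
source that touches many distinct hosts on TCP 445 or 1433 (the ports the
article says APT28 scanned) and lists the hosts that answered (ALLOW).
"""
from collections import defaultdict
import re

# Constructed sample firewall log lines (hypothetical format, RFC 5737 test
# addresses). 203.0.113.7 sweeps six hosts on 445 and five on 1433, hitting
# 198.51.100.13 twice on 1433; 198.51.100.50 is an internal admin host.
SAMPLE_LOGS = """\
2020-11-25T03:14:01Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=445
2020-11-25T03:14:01Z DENY src=203.0.113.7 dst=198.51.100.11 proto=tcp dport=445
2020-11-25T03:14:02Z DENY src=203.0.113.7 dst=198.51.100.12 proto=tcp dport=445
2020-11-25T03:14:02Z ALLOW src=203.0.113.7 dst=198.51.100.13 proto=tcp dport=445
2020-11-25T03:14:03Z DENY src=203.0.113.7 dst=198.51.100.14 proto=tcp dport=445
2020-11-25T03:14:03Z DENY src=203.0.113.7 dst=198.51.100.15 proto=tcp dport=445
2020-11-25T03:14:04Z DENY src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=1433
2020-11-25T03:14:04Z DENY src=203.0.113.7 dst=198.51.100.11 proto=tcp dport=1433
2020-11-25T03:14:05Z DENY src=203.0.113.7 dst=198.51.100.12 proto=tcp dport=1433
2020-11-25T03:14:05Z ALLOW src=203.0.113.7 dst=198.51.100.13 proto=tcp dport=1433
2020-11-25T03:14:06Z DENY src=203.0.113.7 dst=198.51.100.14 proto=tcp dport=1433
2020-11-25T03:14:06Z DENY src=203.0.113.7 dst=198.51.100.13 proto=tcp dport=1433
2020-11-25T03:20:00Z ALLOW src=203.0.113.9 dst=198.51.100.20 proto=tcp dport=443
2020-11-25T03:21:00Z ALLOW src=198.51.100.50 dst=198.51.100.10 proto=tcp dport=445
2020-11-25T03:21:01Z ALLOW src=198.51.100.50 dst=198.51.100.11 proto=tcp dport=445
"""

# Ports named in the article: SMB (445) and Microsoft SQL Server (1433).
WATCHED_PORTS = {445, 1433}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)$"
)


def parse_logs(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def find_scanners(text, min_targets=5, ports=WATCHED_PORTS):
    """Return {src: {port: {"targets": n, "reached": [dst, ...]}}} for every
    source that probed at least `min_targets` distinct hosts on a watched port.

    Destinations are deduplicated, so repeated probes of one host count once.
    """
    targets = defaultdict(lambda: defaultdict(set))   # src -> port -> {dst}
    reached = defaultdict(lambda: defaultdict(set))   # src -> port -> {dst allowed}
    for rec in parse_logs(text):
        if rec["proto"] != "tcp" or rec["dport"] not in ports:
            continue
        targets[rec["src"]][rec["dport"]].add(rec["dst"])
        if rec["action"] == "ALLOW":
            reached[rec["src"]][rec["dport"]].add(rec["dst"])

    hits = {}
    for src, per_port in targets.items():
        for port, dsts in per_port.items():
            if len(dsts) >= min_targets:
                hits.setdefault(src, {})[port] = {
                    "targets": len(dsts),
                    "reached": sorted(reached[src][port]),
                }
    return hits


if __name__ == "__main__":
    for src, per_port in find_scanners(SAMPLE_LOGS).items():
        for port, info in sorted(per_port.items()):
            print(f"{src} probed {info['targets']} hosts on tcp/{port}; "
                  f"reached: {', '.join(info['reached']) or 'none'}")
```

The threshold is per source and per port, so a legitimate internal host that talks SMB to two file servers stays below it while a sweep across a /24 does not. The hosts in the `reached` list are the ones to check first: a mail or database port that is reachable from the Internet is exactly what the scanning described above is looking for.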

Researchers do not know what APT28 does with the vulnerable email servers it finds. They assume the attackers take control of the vulnerable systems and either steal data or use the servers as a foothold for further attacks.

Taking over email accounts for phishing attacks

Besides scanning the Internet, APT28 engages in other activities as well, according to Trend Micro.

Through a network of VPN servers, APT28 connected to compromised email accounts on legitimate corporate email servers.

Trend Micro believes that APT28 sends phishing emails to corporate employees to steal their credentials, or runs brute-force attacks against corporate email accounts to guess their passwords.

Once it has obtained credentials, it connects to the accounts through a network of VPN servers using the stolen passwords.

APT28 can then steal data or use the accounts to send phishing emails to further victims.

Because these emails appear to come from real people at legitimate companies, they deceive new victims more easily. In the meantime, APT28 can keep harvesting new data from the compromised accounts.
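The credential-guessing step described above leaves a distinctive trail in the mail server's authentication log: a burst of failures from one source, followed by a success. The script below is an added example, not code from the article or from Trend Micro; it runs over constructed authentication log lines in a hypothetical format (RFC 5737 addresses) and separates two patterns, many guesses against one account (brute force) versus one or two guesses against many accounts (password spraying), then lists the accounts that later authenticated from the same source, which are the credentials now likely in the attacker's hands.

```python
"""Spot brute-force and password-spraying logins against mail accounts.

Added example, not code from the article or Trend Micro. It reads constructed
mail-server authentication log lines, flags sources with many failed logins,
labels the pattern, and lists accounts that authenticated successfully from
that same source (likely stolen credentials now in use).
"""
from collections import defaultdict
import re

# Constructed sample authentication log (hypothetical format, RFC 5737
# addresses). 203.0.113.50 tries five accounts once each and gets into erin;
# 203.0.113.51 hammers frank eight times and gets in; 198.51.100.5 is a user
# mistyping once; 203.0.113.60 logs in cleanly with an already-stolen password.
SAMPLE_AUTH_LOG = """\
2020-11-25T08:00:01Z auth=fail user=alice@example.com src=203.0.113.50
2020-11-25T08:00:03Z auth=fail user=bob@example.com src=203.0.113.50
2020-11-25T08:00:05Z auth=fail user=carol@example.com src=203.0.113.50
2020-11-25T08:00:07Z auth=fail user=dave@example.com src=203.0.113.50
2020-11-25T08:00:09Z auth=fail user=erin@example.com src=203.0.113.50
2020-11-25T08:00:11Z auth=ok user=erin@example.com src=203.0.113.50
2020-11-25T08:10:00Z auth=fail user=frank@example.com src=203.0.113.51
2020-11-25T08:10:02Z auth=fail user=frank@example.com src=203.0.113.51
2020-11-25T08:10:04Z auth=fail user=frank@example.com src=203.0.113.51
2020-11-25T08:10:06Z auth=fail user=frank@example.com src=203.0.113.51
2020-11-25T08:10:08Z auth=fail user=frank@example.com src=203.0.113.51
2020-11-25T08:10:10Z auth=fail user=frank@example.com src=203.0.113.51
2020-11-25T08:10:12Z auth=fail user=frank@example.com src=203.0.113.51
2020-11-25T08:10:14Z auth=fail user=frank@example.com src=203.0.113.51
2020-11-25T08:10:16Z auth=ok user=frank@example.com src=203.0.113.51
2020-11-25T08:30:00Z auth=fail user=alice@example.com src=198.51.100.5
2020-11-25T08:30:04Z auth=ok user=alice@example.com src=198.51.100.5
2020-11-25T09:00:00Z auth=ok user=grace@example.com src=203.0.113.60
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+auth=(?P<result>ok|fail)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_auth_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_credential_attacks(text, min_failures=5, min_accounts=4):
    """Return {src: {...}} for sources with at least `min_failures` failed logins.

    "pattern" is "password-spray" when the failures spread over at least
    `min_accounts` distinct accounts, otherwise "brute-force".
    "successful_logins" lists accounts that authenticated from that source;
    a success from a source that was also guessing is a likely compromise.
    """
    failures = defaultdict(list)   # src -> [user, user, ...]  (one entry per failure)
    successes = defaultdict(set)   # src -> {user, ...}
    for rec in parse_auth_log(text):
        if rec["result"] == "fail":
            failures[rec["src"]].append(rec["user"])
        else:
            successes[rec["src"]].add(rec["user"])

    report = {}
    for src, users in failures.items():
        if len(users) < min_failures:
            continue
        distinct = set(users)
        report[src] = {
            "pattern": "password-spray" if len(distinct) >= min_accounts else "brute-force",
            "failures": len(users),
            "accounts_tried": len(distinct),
            "successful_logins": sorted(successes.get(src, ())),
        }
    return report


if __name__ == "__main__":
    for src, info in find_credential_attacks(SAMPLE_AUTH_LOG).items():
        print(f"{src}: {info['pattern']}, {info['failures']} failures over "
              f"{info['accounts_tried']} account(s); succeeded as: "
              f"{', '.join(info['successful_logins']) or 'none'}")
```

Note what this check cannot see: the login from 203.0.113.60 in the sample succeeds on the first try, because the password had already been obtained elsewhere (by phishing, or by guessing from a different address). That is the case the article describes when the group connects through a network of VPN servers, and catching it needs a second signal, such as a login from a network the user has never used before, rather than a failure count.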

Trend Micro reports that most of the companies hit by these new attacks are in the United Arab Emirates and operate in the defense sector.

APT28's new tactics show that the group keeps changing its attack methods to become even more effective and dangerous.


Absent Mia