Her researchers ESET announced that they had proceeded with the gradual publication of an extensive research work of 3 sections entitled "En-Route with Sednit". Sednit, a notorious cybercriminal group - also known as APT28, Fancy Bear and Sofacy - has been operating since 2004, mainly seeking to steal confidential information from specific targets.
- The 1ο Part: «En Road With Sednit: Approaching the Target» focuses on the goals of phishing campaigns, the attack methods used, and the first malware stage called SEDUPLOADER, consisting of a dropper and its associated load.
- The 2ο Part: «En Road With Sednit: Observing the Comings and Goings» covers Sednit's activities from 2014 and studies the espionage toolkit used for long-term surveillance of infringing computers through the two backdoors (SEDRECO and XAGENT) and the XTUNNEL network tool.
- The 3ο Part: «En Road With Sednit: A mysterious Downloader» describes the first stage software called DOWNDELPH, which according to ESET telemetry data has been used only seven times. It is worth noting that in some of these uses advanced methods of stay were used: Windows bootkit and Windows rootkit.
"Her lasting interest ESET for these malicious activities arose from detecting an impressive number of custom software developed by the group "for the last two years," he said Alexis Dorais-Joncas, head of the group ESET Security Intelligence, which is responsible for its investigation mystery hidden behind the group Sednit.
"The team's weapons is constantly evolving. The team uses brand new software and techniques on a regular basis, and their flagship malware has evolved significantly in recent years. ”
According to ESET researchers, data collected from Sednit's phishing campaigns show that more than 1.000 high-profile individuals involved in Eastern European policy were attacked. "In addition, the team Sednit, unlike any other espionage team, she developed her own exploit Kit and developed a surprisingly high number 0-days exploits", She concluded Dorais-Joncas.
In recent years, the group's high profile activities have attracted the interest of many researchers in this field. Consequently, the intended contribution of this document is to provide a readable technical description, with strictly pooled IOC (Indicators of Compromise) indicators, readily available to both researchers and those in charge of analyzing Sednit's assays.
All three parts of the survey are stored in the account GitHub of ESET.
For more information, stakeholders can visit ESET's WeLiveSecurity.com portal where the introductory blogpost for 1 is availableο Part 1, 2ο Part & the 3ο Part or search each one separately in its full form:
1ο Part: «En Route with Sitting: Approaching the Target »
2ο Part: «En Route with Sitting: Observing the Comings and Goings »
3ο Part: «En Route with Sitting: A Mysterious Downloader »
Registration in iGuRu.gr via Email
Η ESET will also issue a summary of all parties to the WeLiveSecurity.com.