An uprising of the Sednit spy group

ESET researchers have announced the staged release of an extensive three-part research paper entitled "En-Route with Sednit". Sednit, a notorious cybercriminal group also known as APT28, Fancy Bear and Sofacy, has been operating since 2004, primarily seeking to steal confidential information from specific targets.

  •          Part 1: «En Route With Sednit: Approaching the Target» focuses on the targets of the phishing campaigns, the methods used, and the first malware stage, called SEDUPLOADER, which consists of a dropper and its associated payload.
  •          Part 2: «En Route With Sednit: Observing the Comings and Goings» covers Sednit's activities since 2014 and studies the espionage toolkit used for long-term monitoring of compromised computers through two backdoors (SEDRECO and XAGENT), as well as the XTUNNEL network tool.
  •          Part 3: «En Route With Sednit: A Mysterious Downloader» describes the first-stage software called DOWNDELPH, which according to ESET telemetry data has been used only seven times. It is worth noting that in some of these cases advanced persistence methods were used: a Windows bootkit and a Windows rootkit.

"ESET's lasting interest in these malicious activities arose from detecting an impressive number of custom software developed by the group over the last two years", said Alexis Dorais-Joncas, head of the ESET Security Intelligence team, which is responsible for investigating the mystery hidden behind the Sednit group.

"The group's weapons are under constant development. The group uses brand-new software and techniques on a regular basis, while its flagship malware has evolved significantly over the last few years."

According to ESET researchers, data collected from Sednit's phishing campaigns show that more than 1,000 high-profile individuals involved in Eastern European politics were attacked. "In addition, the Sednit team, unlike any other espionage team, developed its own exploit kit and a surprisingly high number of 0-day exploits", Dorais-Joncas concluded.

In recent years, the group's high-profile activities have attracted the interest of many researchers in this field. Consequently, the intended contribution of this document is to provide a readable technical description, with carefully collected IOCs (Indicators of Compromise), readily available both to researchers and to those responsible for analyzing Sednit's attacks.

All three parts of the research are stored on ESET's GitHub.

For more information, interested readers can visit ESET's WeLiveSecurity.com portal, where the introductory blog posts for Part 1, Part 2 and Part 3 are available, or look up each part separately in its full form:

Part 1: «En Route with Sednit: Approaching the Target»

Part 2: «En Route with Sednit: Observing the Comings and Goings»

Part 3: «En Route with Sednit: A Mysterious Downloader»

ESET will also publish a summary of all parts on WeLiveSecurity.com.


Written by Dimitris
