Russian hackers ‘Fancy Bear’ now targeting governments with rootkit malware

Security researchers say they have found evidence that Russia-backed hackers are, for the first time, using a UEFI rootkit, a far more sophisticated and persistent type of malware, to target government entities.

ESET presented its case Thursday that the hacker group, known as Fancy Bear (or APT28), is using rootkit malware against its victims. That marks an escalation in tactics which, the researchers say, shows the group’s hacking capabilities “may be even more dangerous than previously thought.”

Although the researchers would not name the targeted governments, they said that the hackers were active in targeting the Balkans and some central and eastern European countries.

The malware, dubbed LoJax, repurposes a portion of LoJack, anti-theft software that has been criticized for its brutal persistence, which makes it hard to remove even when a user reinstalls the operating system. Arbor Networks found earlier this year that modified LoJack agents were connecting to a malicious command-and-control server operated by the hackers.

LoJax, like other UEFI rootkits, embeds itself in the computer’s firmware and runs every time the machine boots, before the operating system loads. Because it sits in the motherboard’s SPI flash memory rather than on the hard drive, reinstalling the operating system or even replacing the drive does not remove it; cleaning it up means reflashing the firmware, which takes time, effort and extreme care.

According to its investigation, ESET said that the hackers were “successful at least once” in writing a malicious module into a system’s flash memory.

Although attribution is typically difficult, the researchers found that systems hit by LoJax also contained other hacking tools known to be used by Fancy Bear, including backdoors and proxy tools used for funneling network traffic to and from the hackers’ servers.

ESET said it could link the malware to earlier network infrastructure used by the hacker group “with high confidence.”

Fancy Bear has been active for more than a decade, but is best known for hacking into the Democratic National Committee and for its disinformation and election-influencing campaign against the U.S. in the run-up to the 2016 presidential election. The hackers have also targeted senators, social media sites and the French presidential elections, and leaked Olympic athletes’ confidential medical files.

The researchers said that there are preventive measures. Because Fancy Bear’s rootkit isn’t properly signed, a computer’s Secure Boot feature could block it: with Secure Boot on, the firmware checks the signature of each component in the boot process and refuses to run anything that fails the check. Secure Boot can usually be switched on in the computer’s UEFI firmware settings before the operating system starts.

ESET said that the discovery “serves as a heads-up, especially to all those who might be in the crosshairs of Fancy Bear.”



from www.tech-life.in