Zebrocy, a Russian-speaking advanced persistent threat (APT) actor associated with numerous attacks on government, military, and foreign affairs-related targets since at least 2015 is back at it again.
Researchers from Kaspersky Lab say they have observed the group using a new downloader to deploy a recently developed backdoor family on organizations in multiple countries, including Germany, the United Kingdom, Iran, Ukraine, and Afghanistan.
The backdoor, written in the Nim programming language, is designed to profile systems, steal credentials, and help the attackers maintain persistence on a compromised computer over an extended period of time. As with its previous campaigns, Zebrocy is using spear-phising emails to distribute the new malware to targeted organizations.
It is the latest addition to Zebrocy's continually expanding malware set and demonstrates the group's long-term commitment to gaining access to targeted networks, Kaspersky Lab said in a report Monday. "We will see more from Zebrocy into 2019 on government and military related organizations," the security vendor noted.
Zebrocy and its eponymously named malware first surfaced in 2015. Kaspersky Lab and other security vendors have linked Zebrocy to Fancy Bear/APT 28/Sofacy, a Russian-speaking APT group associated with attacks on numerous organizations including — most notoriously — the US Democratic National Committee in the run-up to the last general elections.
Some security firms, such as ESET, for instance, have described Zebrocy as Fancy Bear's attack toolset, and not necessarily as a separate group. Earlier this month ESET published a new report noting numerous improvements to the toolset to give attackers better control over compromised systems.
< ..
Support the originator by clicking the read the rest link below.
