Russian Hackers APT28 Used Zero-Day Vulnerabilities to Hack Diplomatic Targets in the US

According to a report released by the well-known American security company FireEye, a group of hackers from Russia has been exploiting vulnerabilities in two widely used pieces of software, Microsoft’s Windows OS and Adobe’s Flash, in an attempt to gather information about various governments.

In October 2014, FireEye said the group, named APT28, had been collecting information about militaries, governments and intelligence organizations, including American and other diplomatic targets, that would be “quite beneficial for the government of Russia.”

The campaign by the Russian hackers has been linked to major breaches of the American State Department’s computers; the same group, APT28, is also believed to have attacked White House computers that held sensitive data such as President Obama’s travel agenda.

The malware distributed in the current attack is very similar to CHOPSTICK, the name given to a tool APT28 uses for access. In fact, FireEye said, the malware distributed in the current attack used the identical RC4 encryption key.

A white paper published by FireEye in 2014 stated that APT28 had been directing cyber-attacks against military, political and government organizations since 2007. FireEye tied malware samples to the group on the basis of Russian-language settings in the code and activity consistent with working hours in the time zone of St. Petersburg, Moscow and other major Russian cities.

FireEye also mentioned that Microsoft is still working on a patch, while Adobe has already issued a fix for the Flash vulnerability. FireEye further said that the Windows vulnerability does not affect the latest versions of Windows, such as Windows 8 or any later version.

FireEye also stated in a blog post, “While there is not yet a patch available for the Windows vulnerability, updating Adobe Flash to the latest version will render this in-the-wild exploit innocuous.”

Philip Misner, who works with Microsoft’s security team, stated in an email, “We believe the overall risk for customers is limited, as an adversary would need to find, and exploit, an additional vulnerability to achieve privilege escalation.”

Shortly before the FireEye report, the security firm Trend Micro named the hacking campaign against the computers of the State Department, NATO, Eastern European nations and Russian rebels “Pawn Storm”. Because APT28 and Pawn Storm use similar tactics against the very same targets, numerous security experts believe the two are the same group of hackers.

Dmitry Peskov, spokesman for the Russian president, dismissed the report’s findings at the time. Peskov did not answer after-hours calls to two phone numbers on Saturday. Zero-day vulnerabilities are highly prized by attackers because the flaws have not yet been publicly identified, so no immediate defense exists.

A spokesman for the American State Department declined to comment on the vulnerability reported by FireEye on Saturday. He instead referred to a briefing given on March 9 by Jen Psaki, Director of Communications at the White House. Psaki said at the briefing that the department dealt with numerous hacking attacks each day.

Top/Featured Image: By Colin via Wikimedia Commons
