Russian Hacker Cozy Bear Attacks Post Election in USA while bypassing Malware Detection

The morning following United States presidential election saw an onslaught of spear-phishing electronic mails attacking several political and government entities even as they bypassed anti-malware detection.

Cozy Bear the APT (advanced persistent threat) syndicate from Russia is known to have been attacking non-government organizations and think tanks in USA immediately following the country's presidential election, while carrying out malware campaigns which exploited controversies emanating after the election.

APT29 another name of Cozy Bear is by now familiar to people because it earlier hacked the servers of DNC (Democratic National Committee) as well as attacked Washington D.C situated think tanks that focused on Russia and its policies. Volexity the incident response and suppression facility reports that APT29 is currently concentrating on agencies dealing with public policy, international affairs, defense, national security and Asian and European research.

Consequently, the syndicate shows one greatly significant move from earlier operations as well as one which went on in the aftermath of this year's U.S. presidential race.

Controllers of Dukes, during August, executed many surges of extremely targeted spear-phishing assaults, dispatching fraudulent electronic mails to specific persons employed with America-situated organizations through PowerDuke the name of a backdoor malware. PowerDuke that lets hackers assess as well as regulate a computer was reused within the current week's post-election intrusions. Pcmag.com posted this, November 11, 2016.

A few electronic mails from the total have web-links leading onto zipped files having one shortcut file from Microsoft with the extension .LNK. The zipped archives have malevolent PowerShell code which installs PowerDuke. The remaining e-mails show Microsoft Word attachments having harmful macros which contaminate end-users with the malicious element. No matter what infection method is used, the electronic mail attack installs decoy docs which make certain false sense of genuineness of the messages, whilst utilize anti-virtualization methodology for eschewing systems that possibly IT security researchers and/or personnel used.

What's more, Cozy Bear uses steganography to hide code inside files/pictures. This in turn is for concealing the PowerDuke backdoor within PNG documents. These files get pulled down solely inside memory rather than onto certain computer's hard drive for enhancing the malware's sneakiness.

» SPAMfighter News - 11/17/2016