APT28, also known as Fancy Bear, is a Russian government-backed cyber espionage group that's notoriously tied to the leaking of Hillary Clinton's emails prior to the last presidential elections in the United States.
While the hacking group is known by other aliases such as Pawn Storm, Sofacy Group, Sednit and STRONTIUM; their exploits include series of hacks that exposed chat transcripts from the Democratic National Committee's computer network in 2016.
Just recently, Microsoft discovered several fake websites that are run by the group, designed to trick visitors in order to steal their personal information by hacking into their computers. The group created fake sites that mimic two of American institutions: Hudson Institute and International Republican Institute, with three domains that looks like the official US Senate websites.
Fancy Bear has mostly targeted Windows with its malware, and as such run domains that are heavily related to Microsoft products which has given Microsoft a ground to pursue it with lawsuits.
Albeit, faceless group can’t be exactly dragged to court, the lawsuit is to grant Microsoft the rights to hijack Fancy Bear’s servers, of which Microsoft was able to take over 70 different Fancy Bear domains, many of which serve as the “command-and-control” points.
Microsoft, however maintains that no evidence points to the fake domains as successfully used for any hacking exploit. But such sites can only be useful in hosting malware which are designed to infect people's computers and steal their personal information.
The company did obtain a court order to seize the domains and move them to its own server, which instead of getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them.
It redirect the domains from Russia’s servers to the company’s, thereby cutting off the hackers from their victims, and giving Microsoft an absolute view of their automated servers’ network.
And perhaps, the recent attacks on the two American institutions were Russian hacking attempts ahead of the 2018 midterm elections.
APT28 hacking attempts on the International Republican Institute
APT28, also known as Fancy Bear, is a Russian government-backed cyber espionage group that's notoriously tied to the leaking of Hillary Clinton's emails prior to the last presidential elections in the United States.
While the hacking group is known by other aliases such as Pawn Storm, Sofacy Group, Sednit and STRONTIUM; their exploits include series of hacks that exposed chat transcripts from the Democratic National Committee's computer network in 2016.
Just recently, Microsoft discovered several fake websites that are run by the group, designed to trick visitors in order to steal their personal information by hacking into their computers. The group created fake sites that mimic two of American institutions: Hudson Institute and International Republican Institute, with three domains that looks like the official US Senate websites.
Fancy Bear has mostly targeted Windows with its malware, and as such run domains that are heavily related to Microsoft products which has given Microsoft a ground to pursue it with lawsuits.
Albeit, faceless group can’t be exactly dragged to court, the lawsuit is to grant Microsoft the rights to hijack Fancy Bear’s servers, of which Microsoft was able to take over 70 different Fancy Bear domains, many of which serve as the “command-and-control” points.
Microsoft, however maintains that no evidence points to the fake domains as successfully used for any hacking exploit. But such sites can only be useful in hosting malware which are designed to infect people's computers and steal their personal information.
The company did obtain a court order to seize the domains and move them to its own server, which instead of getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them.
It redirect the domains from Russia’s servers to the company’s, thereby cutting off the hackers from their victims, and giving Microsoft an absolute view of their automated servers’ network.
And perhaps, the recent attacks on the two American institutions were Russian hacking attempts ahead of the 2018 midterm elections.
No comments