A department of SecureWorks, a protective service unit that protects individuals' or businesses' digital information, has been closely watching a well-known group of Russian hackers.
SecureWorks has been paying close attention to a Russian group of hackers known as APT28. APT28 is known for targeting non-governmental organizations, governments, journalists, politicians, political organizations, and militaries. The series of cyber attacks has been going on since 2009.
Is the Russian Government involved with the hacking group?
Researchers at SecureWorks have stated that the group is most likely sponsored by the Russian Government. Since spring 2015, two years ago, the Russian government has been tasking the group of hackers with activity beyond covert intelligence gathering. The group conducted a sabotage operation against a France-based TV station and leaked political details in what U.S. intelligence agencies concluded was the biggest attempt to influence the United States presidential election. The attacks have also targeted Russian political activists, bloggers, and politicians, among others.
APT28 has also carried out an email attack against Gmail users using a phishing tactic. Malicious documents were attached and linked to a custom exploitation kit. The malware attack targeted many operating systems, including Windows, Mac OS X, and Linux-based operating systems, as well as mobile devices. Furthermore, there were phishing campaigns to steal webmail credentials.
What are SecureWorks' suggestions and recommendations?
- Apply best-practice security controls such as regular vulnerability scanning and patching.
- Have network monitoring tools ready.
- User education reduces your susceptibility to compromise.
- Implement two-factor authentication (2FA) on internal and third-party webmail platforms.
- Encourage employees to use 2FA on their personal accounts.
- Restrict work-related communication from personal email.