Russian Hackers Are Using Brexit As A Lure For Cyber Attacks

A hacking group widely believed to work on behalf of the Russian state is using Brexit as a lure for conducting cyber operations with the aim of delivering malware to targets across Europe.

The UK's departure from the European Union appears to be the latest in a line of current affairs topics which Russian hacking group Fancy Bear, also known as APT28, Sofacy and a variety of other names, is using in an effort to trick targets into opening emails and downloading malware.

Earlier this month, the hacking operation, which is thought to have strong links to the Kremlin, was seen using phishing lures relating to the recent Lion Air crash off the Indonesian coast. Now cyber security researchers at Accenture have seen the group, which they track as SNAKEMACKEREL, exploiting Brexit in a campaign designed to deliver Trojan malware.

It's believed that the campaign has actively targeted government departments, particularly ministries of foreign affairs, political think-tanks, and defence organisations across Europe.

"The threat group is likely to be seeking access to insights on the latest political affairs, including confidential documents on national interests related to current news headlines such as Brexit," said Michael Yip, security principal at Accenture Security's iDefense Threat Intelligence.

Targets are sent an email with an attachment named Brexit 15.11.2018.docx. If they open it, they're met with jumbled-up text and a claim that the document displays incorrectly because it was created in an earlier version of Microsoft Word. Users are urged to click 'Enable Content' to see what the document claims to contain. The garbled text is the pretext: enabling content allows the embedded macro to run, and the macro then retrieves and executes the malware.

The malicious payload is Zebrocy, a Trojan that has previously been observed in cyber espionage campaigns attributed to Russia.

Analysis of the malicious attachment also provides clues pointing towards the origin of the attacks: the document's properties record that it was last modified by a user called 'Joohn', a name that has appeared in the file metadata of previous Fancy Bear campaigns. Researchers also note that the document's company field is set to Grizli777.
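As an added example (not code from the article or from Accenture's report), the following Python script performs the two checks the preceding paragraphs describe on a Word attachment: whether the package carries a VBA project, so that 'Enable Content' would run code, and what the document properties say about who last modified it and which company is recorded. It also lists any relationship that points outside the package, a general triage heuristic the article does not mention. The watchlist values, the sample package the script builds and the external-template link in that sample are constructed for the demonstration and are not the real attachment.

```python
"""Triage an OOXML Word package: document properties, macro presence, external links.

Added example, not code from the article or from Accenture. The sample package
built below is constructed for the demo; it is not the real attachment.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces of the OOXML parts this script reads.
CORE_NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
APP_NS = {"ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"}
REL_NS = {"r": "http://schemas.openxmlformats.org/package/2006/relationships"}

# Metadata values the article reports for this campaign (assumed watchlist entries).
WATCHLIST_AUTHORS = {"Joohn"}
WATCHLIST_COMPANIES = {"Grizli777"}


def _text(root, path, ns):
    el = root.find(path, ns)
    return el.text.strip() if el is not None and el.text else None


def triage_docx(data: bytes) -> dict:
    """Return the properties and macro/external-link facts for a Word package."""
    result = {"last_modified_by": None, "creator": None, "company": None,
              "has_vba_project": False, "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # word/vbaProject.bin is the VBA storage; if present, 'Enable Content' runs code.
        result["has_vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "docProps/core.xml" in names:
            core = ET.fromstring(zf.read("docProps/core.xml"))
            result["last_modified_by"] = _text(core, "cp:lastModifiedBy", CORE_NS)
            result["creator"] = _text(core, "dc:creator", CORE_NS)
        if "docProps/app.xml" in names:
            app = ET.fromstring(zf.read("docProps/app.xml"))
            result["company"] = _text(app, "ep:Company", APP_NS)
        # Any relationship with TargetMode="External" points outside the package
        # (a remote template, for instance); worth listing during triage.
        for n in names:
            if n.endswith(".rels"):
                rels = ET.fromstring(zf.read(n))
                for rel in rels.findall("r:Relationship", REL_NS):
                    if rel.get("TargetMode") == "External":
                        result["external_targets"].append((n, rel.get("Target")))
    return result


def indicators(result: dict) -> list:
    """Turn triage facts into human-readable reasons to escalate."""
    reasons = []
    if result["has_vba_project"]:
        reasons.append("contains VBA project (macro will run if content is enabled)")
    if result["last_modified_by"] in WATCHLIST_AUTHORS:
        reasons.append("lastModifiedBy matches watchlist: %s" % result["last_modified_by"])
    if result["company"] in WATCHLIST_COMPANIES:
        reasons.append("Company matches watchlist: %s" % result["company"])
    for part, target in result["external_targets"]:
        reasons.append("external relationship in %s -> %s" % (part, target))
    return reasons


def build_sample_docx() -> bytes:
    """Constructed minimal package (not the real lure) carrying the reported values."""
    core = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
            '<dc:creator>user</dc:creator><cp:lastModifiedBy>Joohn</cp:lastModifiedBy>'
            '</cp:coreProperties>' % (CORE_NS["cp"], CORE_NS["dc"]))
    app = '<Properties xmlns="%s"><Company>Grizli777</Company></Properties>' % APP_NS["ep"]
    # Hypothetical external template link; the .invalid domain is reserved and resolves nowhere.
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId1" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
            'Target="http://template.invalid/t.dotm" TargetMode="External"/></Relationships>'
            % REL_NS["r"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")  # placeholder bytes, not real VBA
    return buf.getvalue()


if __name__ == "__main__":
    for line in indicators(triage_docx(build_sample_docx())):
        print(line)
```

The checks key on the package contents rather than the file extension, since the lure's filename ends in .docx; run `triage_docx` on the raw bytes of any attachment and pass the result to `indicators` to get the escalation reasons.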

The group has been particularly active since October, and Accenture has "high confidence" that the campaign is still ongoing. Given how quickly the attackers react to current affairs, it's likely only a matter of time before they use a new news event as a lure.

"The speed in which fresh news headlines are used for document lures in attacks particularly highlights the group's knowledge of foreign affairs and provides strong indications of their targeting remit," said Yip.

Fancy Bear has been linked to a number of high-profile cyber campaigns in recent years, including the cyber-attacks and disinformation used to interfere with the US Presidential election. It's also thought to have conducted further espionage campaigns against a number of nation-states and international organisations.

ZDNet
