US DNC hackers blew through SIX zero-days vulns last year alone
Most targets were individuals with Gmail addresses
Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers.
Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as diverse as the DNC, the German parliament, Hillary Clinton's presidential campaign boss John Podesta, former US Secretary of State Colin Powell, and the French TV network TV5Monde.
Other targets include high-profile figures in Eastern European politics – such as Ukrainian leaders, NATO officials and Russian political dissidents. Thousands of emails with booby-trapped links to password-stealing phishing pages were sent out by the gang to victims, snaring anyone who followed the bit.ly- and tiny.cc-concealed URLs and handed over their login credentials.
Sensitive documents and private emails taken from some of the hacking targets – notably the DNC and John Podesta – were leaked online via WikiLeaks and other sites. It strongly suggests that WikiLeaks, DC Leaks and Guccifer 2.0 are working from the same source material – material obtained and disclosed by these alleged state-backed miscreants in Russia.
."John Podesta"*— Thomas Rid (@RidT) October 20, 2016
* How FANCYBEAR hacked Podesta's gmail (& Powell's & Breedlove's & many 100s more)—linking DCLeaks, G2 & Wikileaks ops pic.twitter.com/UbqS3smaRH
But it's not just phishing attacks that the Spetsnaz of computer hacking favors. The crew also wields zero-day exploits to infect computer systems belonging to its targets, according to security researchers at ESET, the Slovakian IT security company:
Most of the targets uncovered by ESET's research have Gmail addresses, the majority of which belong to individuals. Individual targets included political leaders and heads of police of Ukraine, members of NATO institutions, members of the People's Freedom Party, Russia's People's Freedom Party, Russian political dissidents 'Shaltay Boltai,' an anonymous Russian group known to release private emails of Russian politicians, journalists based in Eastern Europe, academics visiting Russian universities, and Chechen organizations.
The group exploited no fewer than six zero-day vulnerabilities in the likes of Windows, Adobe Flash and Java last year alone, according to ESET. "A run-of-the-mill criminal gang would be unlikely to make use of quite so many previously unknown, unpatched vulnerabilities because of the significant skill, time and resources required to properly uncover and exploit them," it concludes.
The first part of ESET's planned three-part white paper into Sednit can be found here [PDF]. ®