Monday 4 January 2016

Hackers Developing Skills While Hacking Politicians And Big Companies


A group of Russian-speaking hackers that has targeted politicians, state entities, and companies over the past eight years is continuing to develop its skills, according to an analysis by security researchers.


According to observations by Kaspersky Lab, the Russian-speaking group Sofacy is not scaling down its activities, despite the wide publicity it received in 2014. On the contrary, the group is expanding its arsenal with new and more sophisticated techniques to carry out infections successfully and better conceal its traces in the system.


The group, also known as Fancy Bear, Sednit, STRONTIUM and APT28, has been operating since at least 2008. Its targets are mainly military enterprises and government agencies around the world.

The new Sofacy tools found by Kaspersky Lab experts are interchangeable. This means that the victim's computer is infected with several pieces of malware, any one of which can restore the others if a protection system blocks or removes them. Sofacy previously sought to increase the resilience of its malware by installing two backdoors, so that if one of them was lost the attackers still retained access to the system. Now Sofacy acts in a more sophisticated way: a separate module downloads a new version of the blocked backdoor from the command server, so that the attackers do not have to start re-infecting the system from scratch and can continue from the point where the malware was blocked.

Another new method that, according to Kaspersky Lab's observations, Sofacy is increasingly using is the division of malicious software into modules by function, which more reliably conceals its activity in the attacked system.


In addition, Sofacy is improving its ways of stealing data from computers that are not connected to the Internet. The attackers create new versions of modules that covertly copy data from USB devices that were previously used on computers denied access to the network.
