Palo Alto Networks: Sofacy Hacking Group’s Phishing Scam Targets US Govt Sector

A threat intelligence team at Palo Alto Networks has found that a cyber espionage group has launched a new spear phishing attack against the U.S. government.

The company said Tuesday its Unit 42 discovered that the Sofacy threat group, also called APT28, used a compromised email account linked to a foreign affairs ministry of another country to send a spear phishing email to a U.S. government agency on May 28.

According to Unit 42, the email contained the Sofacy Trojan malicious program's Carberp variant and used a persistence mechanism that had not been identified in previous attacks.

The persistence method helps cyber threat actors evade detection by requiring users to load and execute malicious payloads into any Microsoft Office application through the use of an RTF file as a delivery document, according to Palo Alto Networks.

The RTF file was sent as an attachment to the spear-phishing email and established a registry key as a method to run the Trojan for persistence purposes, Unit 42 said.

The threat intelligence team said the email was titled “FW: Exercise Noble Partner 2016,” which refers to a joint NATO training exercise between the U.S. and Georgia.
