News

US authorities seized domains used by hacker group APT29

Photo of Daniel Zimmermann Daniel ZimmermannJune 3, 2021
0 128 1 minute read

Microsoft experts said last week that the Russian hacker group APT29 (aka Cozy Bear, Dukes, Nobelium), standing behind the attack on SolarWinds, attacked the US Agency for International Development using four new malware families in the campaign.

The hackers compromised the agency’s Contact Contact account and then used that account to impersonate agents in phishing emails that appeared to be authentic.

In total, the attackers sent phishing messages to approximately 3,000 accounts in more than 150 organizations, including government agencies and organizations involved in international development, humanitarian and human rights activities.

The FBI and the Justice Department are now reporting that they managed to hijack two domains that the hack group used during these attacks.

After the recipient of the phishing email clicked on the hyperlink, the victim’s computer downloaded malware from the theyardservice[.]com subdomain. Using this foothold, the criminals downloaded the Cobalt Strike tool to maintain a constant presence on the system, and also likely installed additional tools and malware on the victims’ network. The Cobalt Strike installation communicated with the C&C server through other subdomains theyardservice[.]com, as well as the worldhomeoutlet[.]com domainwrite the specialists of the Ministry of Justice.

After receiving a court order, the authorities seized these two domains in order to block attackers from infecting new systems and interacting with previously infected hosts.

However, the actors may have deployed additional backdoor accesses between the time of the initial compromises and the attack last week.

The FBI remains committed to disrupting this type of malicious cyber activity targeting our federal agencies and the American public. We will continue to use all of the tools in our toolbelt and leverage our domestic and international partnerships to not only disrupt this type of hacking activity but to impose risk and consequences upon our adversaries to combat these threats.said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.

Let me remind you that we wrote that Chinese hackers also took part in attacks on SolarWinds clients.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannJune 3, 2021
0 128 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

cyberattacks by Russian hackers on Canada

Canadian Intelligence Warns of the Threat of Russian Hackers’ Cyberattacks on the Country’s Oil and Gas Sector

June 23, 2023
NVIDIA GeForce RTX 3060

NVIDIA promised to protect the GeForce RTX 3060 from miners, and soon released the miner driver

March 15, 2021
Chinese hackers and a new backdoor

Chinese hackers use a new backdoor to spy on the country’s government from Southeast Asia

June 9, 2021
Xiaomi company spying users

Information security experts suspect Chinese company Xiaomi of spying on users

May 4, 2020

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button