Russian hackers targeting US banks

Discussion in 'Forum for discussion of ANTICHAT' started by K800, 15 May 2015.

  1. K800

    Several security vendors believe it operates out of Russia and has possible ties to that country’s intelligence agencies.

    The group’s primary malware tool is a backdoor program called Sednit or Sofacy that it delivers to victims through spear-phishing emails or drive-by downloads launched from compromised websites.

    The group appears to be targeting Commercial Bank International in the UAE, Bank of America, TD Canada Trust, the United Nations Children's Fund (UNICEF), United Bank for Africa, Regions Bank, and possibly Commerzbank.

    It is thought that the group will employ spear-phishing as their main method of delivery.

    Root9B analysts believe that there might be two subgroups within APT28: One that targets military and government organizations and one that targets financial institutions and banks.

    The IP address of a command-and-control server set up by the attackers has been published so that banks and other financial companies can block them on their networks.


    #1 K800, 15 May 2015
    Last edited: 28 Mar 2022