Russian hackers using Brexit to deliver Malware

43

Hackers funded by the government of Russia are said to be using the current UK’s political situation in their favor to deliver malware to the populace of Britain. It is believed that the malware campaign has so far targeted several government organizations- for now only those related to ministries of foreign affairs, political think tank, and defense organizations across Europe.

Fancy Bear, also known as Sofacy and APT28 is the hacking group being funded by Russian GRU- the military intelligence group from Kremlin.

The technicalities are as follows- Fancy Bear group sends an email to the victims with an attachment named Brexit 15.11.2018.docx. When the victim tries to open the attachment, the system claims an error relating to the document being created in an earlier version of Microsoft Word. So, the user is asked to enable content to see the text content in the newest version.  And this is where the macros get enabled and Zeboracy malware gets delivered via Snakemackerel campaign- exclusively designed to exploit Brexit situation.

Note- Zeboracy is a malware that has the tendency to spy on the systems and networks it gets installed. 

Accenture Security’s iDefense Threat Intelligence was the first to detect this campaign. And it said that the hackers’ group motive is to use fresh news headlines for document lures in order to launch malware attacks.

Note- Fancy Bear is a hackers group funded by GRU and its motive is to launch cyber attacks with espionage motive to gain interests of foreign political candidates. The group which is now treated as an advanced persistent threat is known to use zero-day exploits, spear phishing and malware to compromise targets.