
22 February 2017

Mac Malware Attacks Tied To Russian Spy Group That Hacked DNC


Fancy Bear – also known as APT28 and Sofacy – is the Russian hacking unit that hacked the Democratic National Committee. They also made headlines when they breached NATO, the White House, and then the World Anti-Doping Agency and the U.S. Anti-Doping Agency – an incident that led to the leaking of medical documents on numerous elite athletes. Now, they’re in the news again. This time, it’s for an advanced strain of malware that targets Mac computers. Security researchers have labeled it XAgentOSX, and it’s built for espionage.

XAgentOSX will capture screenshots, steal passwords, log keystrokes, and search for desirable files such as iPhone or iPad backups. The information it gathers is then uploaded to a remote FTP server. The malware is also modular, and its controllers can send new modules to it at any time to expand its capabilities.

What ties XAgentOSX to Fancy Bear? Both Palo Alto and Bitdefender found similarities between XAgentOSX and the Windows malware the group is known to have used in previous attacks. Certain commands exist in both versions, and both communicate via the same command and control URL.

Am I At Risk?

If you’re a Mac user, you might be wondering if XAgentOSX is something you need to worry about. The good news is that the average Mac user is not likely to be a Fancy Bear target.

Whether or not you need to be on the lookout for their phishing attacks ultimately depends on where you work. Fancy Bear is a cyber espionage group, and as such they tend to focus their efforts on government and military groups, non-government organizations (like think tanks), and contractors.
