Notorious Russian hacking group Fancy Bear (aka Sofacy, APT28 and Sednit) is targeting embassies and foreign affairs ministries in Eastern European and Central Asian countries in a new spearphishing campaign, researchers with ESET have discovered.
The phishing emails contain a malicious attachment that delivers an updated version of the Zebrocy backdoor. According to ESET, the hackers are “porting the original code to, or reimplementing it in, other languages in the hope of evading detection.” Fancy Bear has been around since at least 2004 and has been linked to numerous cyber campaigns, including hacking operations targeting the 2016 US presidential election.
Read more: Zebrocy Retools for New Political Attacks