CyberNews Briefs

Russian APT28 Group Changes Tack to Probe Email Servers

Russian threat actor group APT28 has recently been probing email servers, scanning for vulnerable email servers, Microsoft SQL Servers and Directory servers, a change in tactics from its previous attacks. The APT group is responsible for some major cybercrime campaigns over the past few years, including stealing information from the Democratic National Committee (DNC). The group has also allegedly hacked the World Anti-Doping Agency (WADA) several times following a state-sponsored doping scheme that was publicized.

The group has historically used spear-phishing tactics and malware to infiltrate its targets; however, Trend Micro has observed a shift in its tactics. In a report published on Thursday, Trend Micro found that in 2019, APT28 scanned port 443 for exposed email servers across the globe, later using brute-forced credentials to exfiltrate email data. The group still appeared to target military and defense organizations, governments, law firms, and political parties.

OODA Analyst