The Sednit group is back on the radar after alleged interference with the French elections. ESET researchers have observed another one of their phishing emails in action – this time using a recent, widely reported missile strike on Syria to lure victims into opening an attachment that drops its infamous reconnaissance tool, Seduploader. Read the whole analysis on ESET’s news website.
Inside the document titled Trump's_Attack_on_Syria_English.docx, Sednit uses two 0-day exploits to drop the Seduploader component. The first, CVE-2017-0261, exploits a remote code execution vulnerability in Microsoft Word; the second, CVE-2017-0263, exploits a local privilege escalation vulnerability in Windows. ESET reported both vulnerabilities to Microsoft, who addressed them today in their regular monthly security updates release.
“The Sednit group shows that it is far from done with its activities,” comments Alexis Dorais-Joncas, ESET Security Intelligence Team Lead, on recent findings. “While maintaining its old habits – such as the reuse of code and using known attack methods as described in our extensive whitepaper – we have noted several improvements in Seduploader over the past several months.”
The Sednit group, also known as APT28, Fancy Bear and Sofacy, is a group of attackers that has been operating since at least 2004 and whose main objective is to steal confidential information from specific, carefully selected targets. Last October, ESET published an extensive analysis of Sednit’s arsenal and tactics in the whitepaper En Route with Sednit.
Read the whole analysis of the latest Sednit group attack, titled ‘Sednit adds two 0-day exploits using 'Trump's attack on Syria' as a decoy’, on Welivesecurity.com.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.