• Trend Micro
  • About TrendLabs Security Intelligence Blog

Update on Pawn Storm: New Targets and Politically Motivated Campaigns

  • Posted on: January 12, 2018 at 5:00 am
  • Posted in: Targeted Attacks
  • Author: Feike Hacquebord (Senior Threat Researcher)

The active espionage actor group Pawn Storm didn’t shy away from continuing their brazen attacks in the second half of 2017. Pawn Storm’s attacks usually are not isolated incidents. We can often relate them to earlier attacks by carefully looking at the technical indicators and motives.

Tags: Operation Pawn Storm, Pawn Storm

Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks

  • Posted on: April 25, 2017 at 1:00 am
  • Posted in: Targeted Attacks
  • Author: Feike Hacquebord (Senior Threat Researcher)

Pawn Storm is an active and aggressive espionage actor group that has been operating since 2004. The group uses different methods and strategies to gain information from their targets, which are covered in our latest research. However, they are particularly known for dangerous credential phishing campaigns. In 2016, the group set up aggressive credential phishing attacks against the Democratic National Convention (DNC), German political party Christian Democratic Union (CDU), the parliament and government of Turkey, the parliament of Montenegro, the World Anti-Doping Agency (WADA), Al Jazeera, and many other organizations.

This blog post discusses how Pawn Storm abused Open Authentication (OAuth) in advanced social engineering schemes. High profile users of free webmail were targeted by campaigns between 2015 and 2016.

Tags: OAuth, Pawn Storm

How Cyber Propaganda Influenced Politics in 2016

  • Posted on: January 12, 2017 at 5:00 am
  • Posted in: Social, Targeted Attacks
  • Author: Feike Hacquebord (Senior Threat Researcher)

Throughout history, politically motivated threat actors have been interested in changing public opinion to reach their goals. In recent years, the popularity of the Internet has given these threat actors new tools. Not only do they use social media to spin the news and spread rumors and fake news, but they also actively hack into political organizations.

Tags: cyber propaganda, Pawn Storm

Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched

  • Posted on: November 9, 2016 at 5:00 am
  • Posted in: Exploits, Targeted Attacks, Vulnerabilities
  • Author: Trend Micro

The effectiveness of a zero-day as an attack tool quickly deteriorates after it gets discovered and patched by the affected software vendors. In the time between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously valuable attack assets. This is exactly what we saw in late October and early November 2016, when the espionage group Pawn Storm (also known as Fancy Bear, APT28, Sofacy, and STRONTIUM) ramped up its spear-phishing campaigns against various governments and embassies around the world. In these campaigns, Pawn Storm used a previously unknown zero-day in Adobe’s Flash (CVE-2016-7855, fixed on October 26, 2016 with an emergency update) in combination with a privilege escalation in Microsoft’s Windows Operating System (CVE-2016-7255) that was fixed on November 8, 2016.

Tags: Adobe zero-day exploit, Pawn Storm, spear-phishing email, Windows zero-day exploit

Pawn Storm Targets German Christian Democratic Union

  • Posted on: May 11, 2016 at 8:21 am
  • Posted in: Targeted Attacks
  • Author: Feike Hacquebord (Senior Threat Researcher)

In April last year, Pawn Storm reportedly compromised computers of the German Bundestag using data-stealing malware. This was the first documented political attack by Pawn Storm against Germany. One year later, this espionage actor group takes a swing once again.

In April 2016, we discovered that Pawn Storm started a new attack against the German Christian Democratic Union (CDU), the political party of the Chancellor of Germany, Angela Merkel.

The attack consisted of seemingly coordinated credential phishing attacks against the CDU and high profile users of two German freemail providers. A fake corporate webmail server of CDU was set up in Latvia for advanced credential phishing. Around the same time, three domains were created for credential phishing targeting high-profile individual users of two German free webmail providers. The main fake webmail server of CDU was set up in Latvia, but the free webmail credential phishing sites are on servers of the Virtual Private Server provider in the Netherlands we have discussed previously.

Tags: CDU, German Christian Democratic Union, Germany, Pawn Storm, targeted attacks