Hackers targeting NATO and U.S. military cyber-experts

Security researchers are being sent a document titled ‘Conference_on_Cyber_Conflict.doc’, containing information about the upcoming 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.). While the conference is real, the document is not, reports ZDNet.

The real conference is being hosted by the US Army and NATO Cooperative Cyber Defence Centre of Excellence and will run from November 7 through 8 this year at the Ronald Reagan Building in Washington D.C. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence.

APT28 or Fancy Bear linked to Russia
Over the weekend, security researchers at Cisco Talos revealed that an operation called Group 74, also known as APT28 or Fancy Bear (the group that was also responsible for the DNC hack last year), has “weaponized” a real Word document titled “Conference_on_Cyber_Conflict.doc” with malware.
The hackers used a variant of a malware called Setuploader, commonly used in espionage. “This is clearly an attempt to exploit the credibility of Army Cyber Institute and NATO CCDCOE in order to target high-ranking officials and experts of cybersecurity,” said a CCDCOE spokesperson.

Setuploader has the ability to take screenshots, extract data, execute code and download additional fake files, and more, according to the researchers. This points to the hackers wanting to steal information with the goal of espionage. One thing is different about this particular document: it doesn’t contain an Office exploit or a zero-day.

Instead, it uses a malicious Visual Basic for Applications (VBA) macro, designed to run code within the selected application, in this case Microsoft Word. This shows the lengths to which some groups will go to extract information from a particular group, in this case cybersecurity experts.

The Sunday report comes just a few days after Proofpoint’s report had suggested APT28 was actively leveraging a security exploit that was patched by Adobe last week, in hopes of infecting as many targets in government departments and aerospace companies as it could before the breach was discovered.

Written By

We are deeply saddened to announce the passing of our dear friend Karen Graham, who served as Editor-at-Large at Digital Journal. She was 78 years old. Karen's view of what is happening in our world was colored by her love of history and how the past influences events taking place today. Her belief in humankind's part in the care of the planet and our environment has led her to focus on the need for action in dealing with climate change. It was said by Geoffrey C. Ward, "Journalism is merely history's first draft." Everyone who writes about what is happening today is indeed, writing a small part of our history.
