The Sofacy group (aka APT28, Fancy Bear, and Pawn Storm) has allegedly attacked and breached the German government’s secure computer network. Many security experts believe the cyberespionage group has ties to the Russian government.
The group used malware to target German federal agencies, including the foreign and defense ministries, as well as the German chancellery and the Federal Court of Auditors. Hackers allegedly stole data, but the breach was still under investigation to determine the full impact of the cyberattack, according to a dpa report.
German security agencies spotted the attacks back in December and were trying to determine how far into the network the attack penetrated.
Palo Alto Networks’ Unit 42 group also reported Wednesday on Sofacy attacks that affected multiple government entities around the world, including one in Europe and one in North America. The attacks originated from phishing emails with the subject line “Upcoming Defense events February 2018” and a sender address claiming to be from “Jane’s 360 defense events <email@example.com>”. Jane’s 360 is a well-known supplier of information and analysis related to the defense and government sector.
“We discovered a campaign launched at various Ministries of Foreign Affairs around the world. Interestingly, there appear to be two parallel efforts within the campaign, with each effort using a completely different toolset for the attacks,” Palo Alto stated.