Hackers from the APT28 group attacked the mailboxes of hundreds of employees of Czech ministries
According to a report by the Czech Information Security Service, in 2016-2017 members of the APT28 group (also known as Sofacy, Fancy Bear, etc.) successfully compromised the information systems of the Ministry of Foreign Affairs of the Czech Republic. Employees of the Ministry of Defense were also among the victims.
The hackers, who have previously been linked to the Russian special services, managed to steal the contents of the e-mails of about 150 employees of the Czech Foreign Ministry. According to the Security Service's report, the attackers were mainly interested in the correspondence of the ministry's senior management. In particular, information contained in the messages was used to attack other state institutions.
The attack vectors and targets are fully consistent with those of other attacks carried out by APT28.
Attacks on Czech military installations were also identified. In addition, members of APT28 managed to compromise the e-mail accounts of several employees of the Ministry of Defense and military personnel of the country's army. The attackers were able to steal personal data that could be used for further attacks, but classified information was not compromised.
How to protect against such attacks
According to Positive Technologies, the number and complexity of targeted attacks continue to grow from year to year. Despite having protection in place, many companies cannot detect a compromise right away: the average time an attacker remains in the infrastructure is 197 days. One reason is that existing solutions detect targeted attacks at the perimeter but do not detect threats once the attackers have already penetrated the network.
Attacks can be detected at an early stage, and damage minimized, by monitoring malicious activity both at the perimeter and inside the network and identifying it in traffic by a variety of indicators. Regular retrospective analysis helps to find compromises that went unnoticed by security systems.
On Thursday, December 6, at 2:00 pm, Dmitry Kim, a product manager at Positive Technologies, will give a free webinar presentation on how we implemented this approach in a new solution for early detection and prevention of targeted attacks. The webinar will be useful for managers and information security specialists of large companies (public sector, finance, industry, telecom).
To participate in the webinar, you must register.