What’s in the news:
- Microsoft said it had disrupted cyberattacks from a Russian nation-state hacking group called ‘Strontium’ after the group targeted Ukrainian firms, media organisations, government bodies, and think tanks in the U.S. and the EU.
More about Strontium
- Strontium, also known as Fancy Bear, Tsar Team, Pawn Storm, Sofacy, Sednit or Advanced Persistent Threat 28 (APT28) group, is a highly active and prolific cyber-espionage group. It is one of the most active APT groups and has been operating since at least the mid-2000s, making it one of the world’s oldest cyber-spy groups.
How does it attack networks?
- The group deploys diverse malware and malicious tools to breach networks. In the past, it has used X-Tunnel, SPLM (or CHOPSTICK and X-Agent), GAMEFISH and Zebrocy to attack targets.
- These tools can be used as hooks in system drivers to access local passwords, and can track keystrokes and mouse movements and control webcams and USB drives. They can also search and replace local files and stay connected to the network, according to a report by the U.K. National Cyber Security Centre (NCSC).
- It has used spear-phishing and sometimes water-holing to steal information, such as account credentials, sensitive communications and documents.
- In a watering hole attack, the attacker compromises a site that a targeted victim visits in order to gain access to the victim’s computer and network.