Russian Hackers Are Using Brexit To Leverage Cyber Attacks

A hacking group widely believed to work on behalf of the Russian state is using Brexit as a lure for conducting cyber operations with the aim of delivering malware to targets across Europe.

The UK's departure from the European Union appears to be the latest in a line of current affairs topics which Russian hacking group Fancy Bear, also known as APT28, Sofacy and a variety of other names, is using in an effort to trick targets into opening emails and downloading malware.

Earlier this month, the hacking operation, which is thought to have strong links to the Kremlin, was seen using phishing lures relating the recent Lion Air crash off the Indonesian coast. But now cyber security researchers at Accenture have seen the group that they refer to as SNAKEMACKEREL exploiting Brexit in a campaign designed to deliver Trojan malware.

It's believed that the campaign has actively targeted government departments, particularly ministries of foreign affairs, political think-tanks, and defence organisations across Europe.

"The threat group is likely to be seeking access to insights on the latest political affairs, including confidential documents on national interests related to current news headlines such as Brexit," said Michael Yip, security principal at Accenture Security's iDefense Threat Intelligence, 

Targets are sent an email with an attachment named Brexit 15.11.2018.docx. If they open it, they're met with jumbled-up text and a claim of an error relating to the document being created in an earlier version of Microsoft Word. Users are urged to 'enable content' to see what the document claims to contain, but if they follow through with this request, it enables macros and allows malicious-macro-enabled content to retrieve and deliver malware. 

The malicious payload is Zeboracy, a Trojan that has previously been observed being deployed as part of cyber espionage campaigns working out of Russia.

Analysis of the of the malicious attachment also provides clues pointing towards the origin of the attacks: the document is said to be last modified by a user called 'Joohn', a name that has appeared in the file information of previous Fancy Bear campaigns. Researchers also note that the document was compiled by a company named Grizli777.

The group has been particularly active since October and Accenture has "high confidence" that the campaign still remains highly active. Given how quickly the attackers react to current affairs, it's likely only a matter of time before they use a new news event as a lure to conduct attacks.

"The speed in which fresh news headlines are used for document lures in attacks particularly highlights the group's knowledge of foreign affairs and provides strong indications of their targeting remit," said Yip.

Fancy Bear has been linked to a number of high-profile cyber campaigns in recent years, including the cyber-attacks and disinformation as a means of interference around the US Presidential election. It's also thought to have conducted additional espionage campaigns against a number of nation-states and international organisations.

ZDNet

You Might Also Read:

Russian Hackers Have New Weapons:

« Marriott Hack- 500m Data Records Exposed
GCHQ Doesn't Always Tell Vendors If Their Software Is Vulnerable »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

SmartSearch

SmartSearch

SmartSearch is a leading online provider of Anti-Money Laundering and Fraud Prevention Services.

Nmap Project

Nmap Project

Nmap Project is a Free and open source tool for network discovery, administration, and security auditing.

Security Audit Systems

Security Audit Systems

Security Audit Systems is a website security specialist providing website security audits and managed web security services.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

IPCopper

IPCopper

IPCopper specializes in network packet capture appliances for cybersecurity, cybersurveillance and network monitoring, and encrypted data storage.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

Fortanix

Fortanix

Fortanix Runtime Encryption keeps keys, data, and applications completely protected from external and internal threats.

CYE

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

Whistic

Whistic

Whistic is a cloud-based platform that uses a unique approach to address the challenges of third-party risk management.

BitTrap

BitTrap

BitTrap helps companies worldwide detect attackers and put an early end to breaches, preventing data exfiltration and ransomware altogether.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.

Aceiss

Aceiss

Aceiss empowers access security, providing unprecedented visibility and insights into user access.