Threat intelligence firm FireEye has warned since 2017 that APT33 had links to another piece of destructive code known as Shapeshifter. Moran declined to name any of the specific industrial control system, or ICS, companies or products targeted by the APT33 hackers.
Last August, researchers from the threat intelligence firm FireEye uncovered a vast social media influence campaign, conducted by a network of inauthentic news outlets and fake personas with ties to Iran.
In those investigations, FireEye says it's identified a collection of custom malicious software that the Triton hackers used, tools that allowed the hackers to patiently advance their intrusion as they worked to gain access to the victims' industrial control systems.
LockerGoga, which was named for a file path in its source code by security research group MalwareHunterTeam, remains relatively rare and targeted compared to older forms of ransomware like SamSam and Ryuk, says Charles Carmakal, who leads a team of incident responders at FireEye who have dealt with multiple infestations.
Researchers at Ohio State University, the security company FireEye, and research firm Leidos last week published a paper describing a new system that reads millions of tweets for mentions of software security vulnerabilities, and then, using their machine-learning-trained algorithm, assessed how much of a threat they represent based on how they're described.
"To do that work from Russia takes a remarkable amount of courage."
John Hultquist, FireEye
These are just the latest in an ongoing series of revelations the Insider and Bellingcat have made about the GRU, an agency now believed to be responsible for everything from the Skripal assassination attempt to the hacking and leaking operation targeting US and French elections.
Attribution is a tricky business, and the DNC didn’t provide much specific evidence to back up their claims of Russian involvement, but it lines up with a previous wave of Russian spearphishing noted by security firm FireEye last fall. This one belongs to the Oklahoma Department of Securities, which left millions of files open to public access.
But grid hacking comes in less dramatic forms as well—which makes Russia's continued probing of US critical infrastructure all the more alarming. At the CyberwarCon forum in Washington, DC on Wednesday, researchers from threat intelligence firm FireEye noted that while the US grid is relatively well-defended, and difficult to hit with a full-scale cyberattack, Russian actors have nonetheless continued to benefit from their ongoing vetting campaign. "There’s still a concentrated Russian cyber espionage campaign targeting the bulk of the US electrical grid," says FireEye analyst Alex Orleans.
It's not uncommon to see them come out with a new variant or a totally new malware family." Palo Alto Networks researchers have only found one sample of the special Cannon-laced malicious document so far, but it was part of a broader APT 28 phishing campaign they observed that focused on government targets in North America, Europe, and a former USSR state that the company declined to name. Meanwhile, investigators at FireEye observed an extensive phishing campaign launched last week that appears to come from APT 29 hackers, also called Cozy Bear.