Kremlin-linked hacking group, Fancy Bear, now using stealthy, new tools

September 27, 2018

The infamous Kremlin-linked hacking group, Fancy Bear, is now using stealthy new tools that experts have never seen before, cyber-espionage researchers announced on Thursday.

According to a report by the Slovakia-based cybersecurity firm ESET, the threat posed by Fancy Bear and its offshoots “may be even more dangerous than previously thought.”

Fancy Bear is the hacking group found responsible for the 2016 Democratic National Committee email hack and alleged to operate out of Russia’s GRU intelligence agency. Special counsel Robert Mueller earlier this summer indicted numerous Russians connected to Fancy Bear for their role in attacking the 2016 U.S. presidential campaign.

Previously, Russian hackers were known to rely upon more basic attack methods, including spear-phishing emails.

ESET’s researchers say they found the hackers are now using a more sophisticated “rootkit” malware, known as LoJax, which embeds itself so deeply into a computer that it cannot be removed even if a computer’s operating system is reinstalled.

“Such an attack, should it succeed, would lead to full control of a computer by the attacker, with nearly total persistence,” Jean-Ian Boutin, a senior ESET security researcher, said in a statement accompanying the report.

Cybersecurity experts say that the best way to fix a LoJax-attacked computer is to throw it away.

ESET also noted that variations of LoJax malware have recently been discovered in attacks on “a few government organizations in the Balkans as well as in Central and Eastern Europe.”
