
Re: None

Thursday, 03/19/2020 9:05:48 PM


Post# of 248797
Russian hackers using stolen corporate email accounts to mask their phishing attempts

https://www.cyberscoop.com/fancy-bear-phishing-email-trend-micro-apt-28/

Hackers working for Russian military intelligence have long relied on zero-days and malware to target their victims, but in the last year they’ve kept it simple — using previously hacked email accounts to send a wide array of phishing attempts, according to new research from security firm Trend Micro.

Since at least May of last year, the group known as Fancy Bear, APT28, or Pawn Storm, has used hacked email accounts belonging to high-profile personnel working at defense firms in the Middle East to carry out the operation, according to Feike Hacquebord, a senior threat researcher at Trend Micro.

“The actor connects to a dedicated server using the OpenVPN option of a commercial VPN provider and then uses compromised email credentials to send out credential spam via a commercial email service provider,” Hacquebord writes in the research.

The group, which the U.S. Department of Justice linked with Russia’s Main Intelligence Directorate of the Russian General Staff (GRU) two years after its 2016 intrusion at the Democratic National Committee, has long been focused on conducting espionage against defense ministries and military entities for Moscow’s political and economic gain.

But Fancy Bear has also been firing off phishing attempts using hacked email addresses from the government, financial, utilities, and transportation sectors in the United Arab Emirates, India, Pakistan, Jordan, and the U.S., according to Trend Micro, suggesting the group has plenty of previously successful compromises.

It isn’t clear why the Russian hacking group, which has been active since 2004, is willing to risk revealing some of their successful crusades in order to run these campaigns, Hacquebord said.

“Pawn Storm could be attempting to evade filtering at the cost of making some of their successful compromises known to security companies,” Hacquebord said. “However, we did not notice a significant change in successful inbox deliveries of the group’s spam campaigns, making it difficult to understand the rationale behind the change in methodology.”

Hacquebord said he suspects Trend Micro’s new findings suggest that Fancy Bear may rely on targeting techniques that don’t rely on malware, which may reveal how the GRU carries out its plans.

Fancy Bear has not necessarily abandoned its use of malware to target its victims — the group was using malware last summer to target Central Asian nations, diplomatic entities, and foreign affairs organizations, as CyberScoop first reported. The group has also in recent months targeted sports-related organizations, particularly Olympics-linked entities in advance of the planned Tokyo Olympics in 2020, and may have used malware to do so, according to Microsoft research.

Please see link above for the rest of the article.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excerpts:

Key Features:

Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies

=================================================================
https://www.wavesys.com/
=================================================================
ANOTHER IMPORTANT reason to use Wave VSC 2.0!!!

BETTER SECURITY AT LESS THAN HALF THE COST!!!
















