7 May 2017

Motherboard: This Is the Evidence Linking Russian Hackers to the French Election

In the last two months, according to the cybersecurity firm Trend Micro, the Russian hacking group known as "Fancy Bear" or APT28 registered at least four different fake domains in an apparent attempt to launch a phishing campaign against Emmanuel Macron, the moderate and pro-European candidate who won the election's first round on Sunday. The company, however, only published one of those domains, and didn't reveal why it was so confident that Fancy Bear was behind the alleged phishing campaign. [...]

Associated Press reporter Raphael Satter also found this link on Monday. And a Trend Micro spokesperson confirmed to Motherboard that these are indeed the four domains they identified.

Here's a graph showing all the connections and links between these domains. [...]

ThreatConnect, another security firm, delved into the little data that's public and found that there are indeed some links to Fancy Bear. In particular, the company pointed to the use of a @mail.com address to register the domains; an IP address (194.187.249[.]135) that was identified by the US Department of Homeland Security as being used by Russian hackers; and other associated IP addresses registered with the hosting service THCservers, which has been previously used by Fancy Bear. The company also identified a fifth domain (en-marche[.]co) allegedly linked to the other four phishing domains.
