More details are emerging about the culprits behind hacks of the Democratic National Committee (DNC) and campaign staffers working for Hillary Clinton.
The hacking group most widely identified as Fancy Bear, but also dubbed Sednit, APT28 and various other names, has been said to be based in Russia and working for the highest echelons of the nation’s government.
Reportedly behind incursions targeting the German parliament, Ukrainian leaders, NATO officials, Russian political dissidents, former U.S. Secretary of State Colin Powell and French TV network TV5Monde, as well as the DNC and Clinton’s campaign, the attackers have sent thousands of emails with malicious links to phony web pages that dupe recipients into giving up digital identities.
As much of the purloined information from these various incursions was gathered through phishing campaigns and subsequently appeared on WikiLeaks, the assumption has been that one group was behind the hacks.
But The Register is reporting that the Russians are using more than phishing in their campaigns. The group is also employing zero-day exploits to compromise its target networks or individuals, according to security researchers at ESET.
ESET claimed that in just the last year the hackers exploited at least six zero-day vulnerabilities in Windows, Adobe Flash and Java. The hacking group, ESET wrote in its report, has used so many zero-days that the suggestion is that there are considerable resources behind it.
“A run-of-the-mill criminal gang would be unlikely to make use of quite so many previously unknown, unpatched vulnerabilities because of the significant skill, time and resources required to properly uncover and exploit them,” the report stated.