
Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

December 10, 2020

Russia-linked APT28 is using COVID-19 as a phishing lure in a new wave of attacks aimed at distributing the Go version of its Zebrocy (or Zekapab) malware.

The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and has targeted governments, militaries, and security organizations worldwide. The group was also involved in the string of attacks that targeted the 2016 Presidential election.

Researchers from cybersecurity firm Intezer linked the attacks to a group operating under APT28.

Read More on Security Affairs