
Russian hackers ‘Fancy Bear’ now targeting governments with rootkit malware

Security researchers say that they have found evidence that for the first time Russia-backed hackers are now using a more sophisticated type of malware to target government entities.

ESET presented its case Thursday that the hacker group, known as Fancy Bear (or APT28), is using rootkit malware to target its victims. That marks an escalation in tactics, and the researchers say it means the group’s hacking capabilities “may be even more dangerous than previously thought.”

Although the researchers would not name the targeted governments, they said that the hackers were active in targeting the Balkans and some central and eastern European countries.

The malware, dubbed LoJax, uses a portion of LoJack, an anti-theft software that has been criticized for its brutal persistence, which makes it challenging to remove — even when a user reinstalls their operating system. Arbor Networks found earlier this year that LoJack agents were connecting to a malicious command-and-control server operated by the hackers.

LoJax, like other rootkits, embeds in the computer’s firmware and launches when the operating system boots up. Because it sits in a computer’s flash memory, removing it means reflashing that memory with new firmware, which takes time, effort and extreme care.

According to its investigation, ESET said that the hackers were “successful at least once” in writing a malicious module into a system’s flash memory.

Although attribution is typically difficult, the researchers found that systems hit by LoJax also contained other hacking tools known to be used by Fancy Bear, including backdoors and proxy tools used for funneling network traffic to and from the hackers’ servers.

ESET said it could link the malware to earlier network infrastructure used by the hacker group “with high confidence.”

Fancy Bear has been active for more than a decade, but is best known for hacking into the Democratic National Committee and for its disinformation and election-influencing campaign against the U.S. in the run-up to the 2016 presidential election. The hackers have also targeted senators, social media sites and the French presidential elections, and leaked Olympic athletes’ confidential medical files.

The researchers said that there are preventative measures. Because Fancy Bear’s rootkit isn’t properly signed, a computer’s Secure Boot feature could prevent the attack by verifying the signature of each component in the boot process. That can usually be switched on in a computer’s pre-boot (firmware) settings.
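Secure Boot only blocks an unsigned firmware component when it is actually enforcing, so the check a defender wants is whether the platform reports Secure Boot on and Setup Mode off. The script below is an added example, not ESET’s or TechCrunch’s code; it assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars, where each UEFI variable is exposed as a file whose first four bytes are the variable attributes followed by its data. The sample bytes are constructed so the parser can be exercised offline.

```python
"""Check UEFI Secure Boot state via the Linux efivars interface.

Added example (not ESET's or TechCrunch's code). Assumes a Linux host
with efivarfs mounted at /sys/firmware/efi/efivars. The SAMPLE_* bytes
below are constructed to exercise the parser without real hardware.
"""
from __future__ import annotations

import struct
from pathlib import Path
from typing import Optional

# EFI_GLOBAL_VARIABLE GUID; the SecureBoot and SetupMode variables live under it.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """Split an efivarfs file into (attributes, data).

    efivarfs prepends a 4-byte little-endian attribute word to the
    variable's data; a file shorter than that is malformed.
    """
    if len(raw) < 4:
        raise ValueError("efivar too short to contain attributes")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def boolean_var(raw: bytes) -> bool:
    """Interpret a one-byte UEFI boolean variable (SecureBoot, SetupMode)."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError(f"expected 1 data byte, got {len(data)}")
    return data[0] == 1


def assess(secure_boot_raw: bytes, setup_mode_raw: bytes) -> dict:
    """Return the reported state plus a single 'enforcing' verdict.

    Secure Boot only verifies boot components when it is enabled AND the
    platform has left Setup Mode. In Setup Mode the key databases (PK, KEK,
    db) can be rewritten without authentication, so it is not a protected
    state even if the SecureBoot flag reads 1.
    """
    sb = boolean_var(secure_boot_raw)
    setup = boolean_var(setup_mode_raw)
    return {"secure_boot": sb, "setup_mode": setup, "enforcing": sb and not setup}


def read_var(name: str) -> Optional[bytes]:
    """Read a global UEFI variable from efivarfs, or None if it is absent."""
    path = EFIVARS / f"{name}-{EFI_GLOBAL_VARIABLE}"
    return path.read_bytes() if path.exists() else None


# Constructed sample files: attributes BS|RT (0x06) followed by one data byte.
SAMPLE_ENABLED = bytes.fromhex("06000000" "01")
SAMPLE_DISABLED = bytes.fromhex("06000000" "00")


if __name__ == "__main__":
    sb_raw, sm_raw = read_var("SecureBoot"), read_var("SetupMode")
    if sb_raw is None or sm_raw is None:
        # Legacy BIOS boot or no efivarfs: show the parser on constructed input.
        print("efivars unavailable; parser demo:", assess(SAMPLE_ENABLED, SAMPLE_DISABLED))
    else:
        print(assess(sb_raw, sm_raw))
```

On a machine that is booted in UEFI mode the script reads the real variables; a result with `enforcing` false (Secure Boot off, or Setup Mode still on) is the condition under which an unsigned firmware module like the one described here would not be rejected at boot.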

ESET said that the discovery “serves as a heads-up, especially to all those who might be in the crosshairs of Fancy Bear.”

from TechCrunch https://ift.tt/2NND4WJ
via IFTTT
