Weekly Threat Briefing: Russian State Hackers Phish Euro Governments Ahead of Elections

March 26, 2019 | Anomali Labs

The intelligence in this week's iteration discusses the following threats: APT28, APT32, Cryptominer, FIN7, IoT, MageCart, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.
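The briefing's IOCs are distributed separately, so the following is an added example, not Anomali's code or part of the original page, showing how a community indicator list can be matched against logs. The indicator feed and log lines are constructed for illustration (RFC 5737 addresses, reserved `.example` names, and the SHA-256 of the string "test"); none of them are indicators from the briefing. It handles the one wrinkle practitioners hit most often: shared IOC lists are usually defanged (`hxxp://`, `[.]`), so indicators are refanged before comparison, and domain indicators match subdomains as well as exact hosts.

```python
"""Match a (defanged) IOC list against log lines.

Added example; the IOC feed and logs below are constructed, not taken from
the Anomali Community Threat Briefing.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed indicator feed, written the way shared lists usually arrive (defanged).
IOC_FEED = """
# constructed indicators for illustration only
update-checker[.]example
hxxp://cdn-static[.]example/loader.js
203.0.113.45
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
""".splitlines()

# Constructed proxy and EDR log lines.
LOG_LINES = [
    "2019-03-20T10:02:11Z proxy src=10.0.0.5 dst=203.0.113.45 host=UPDATE-CHECKER.example url=GET http://update-checker.example/check",
    "2019-03-20T10:02:15Z proxy src=10.0.0.7 dst=198.51.100.9 host=www.example.org url=GET http://www.example.org/",
    "2019-03-20T10:03:01Z edr host=WS-17 proc=winword.exe child=powershell.exe sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08",
    "2019-03-20T10:04:42Z proxy src=10.0.0.9 dst=198.51.100.12 host=cdn-static.example url=GET http://cdn-static.example/loader.js",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def refang(indicator: str) -> str:
    """Undo common defanging so the indicator compares against real log text."""
    s = indicator.strip().lower()
    s = s.replace("hxxp://", "http://").replace("hxxps://", "https://")
    return s.replace("[.]", ".").replace("(.)", ".").replace("[@]", "@")


def classify(indicator: str) -> str:
    """Return 'sha256', 'url', 'ip' or 'domain' for a (possibly defanged) indicator."""
    s = refang(indicator)
    if SHA256_RE.match(s):
        return "sha256"
    if s.startswith(("http://", "https://")):
        return "url"
    try:
        ipaddress.ip_address(s)
        return "ip"
    except ValueError:
        return "domain"


def load_indicators(lines):
    """Build {type: set(indicators)} from feed lines, skipping comments and blanks."""
    iocs = defaultdict(set)
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        val = refang(raw)
        iocs[classify(val)].add(val)
    return iocs


def scan_line(line, iocs):
    """Return [(type, indicator), ...] for every indicator seen in one log line."""
    low = line.lower()  # logs mix case (hostnames, hex hashes); indicators are lowercase
    hits = []
    for ip in IPV4_RE.findall(low):
        if ip in iocs["ip"]:
            hits.append(("ip", ip))
    for digest in HASH_RE.findall(low):
        if digest in iocs["sha256"]:
            hits.append(("sha256", digest))
    for host in sorted(set(HOST_RE.findall(low))):
        for dom in iocs["domain"]:
            # exact host or any subdomain of the indicator
            if host == dom or host.endswith("." + dom):
                hits.append(("domain", dom))
                break
    for url in iocs["url"]:
        if url in low:
            hits.append(("url", url))
    return hits


def scan_logs(log_lines, iocs):
    """Return [(line_no, line, hits)] for lines with at least one indicator hit."""
    results = []
    for n, line in enumerate(log_lines, 1):
        hits = scan_line(line, iocs)
        if hits:
            results.append((n, line, hits))
    return results


if __name__ == "__main__":
    for n, line, hits in scan_logs(LOG_LINES, load_indicators(IOC_FEED)):
        print(f"line {n}: {hits}")
```

In practice the feed would be read from the briefing's attachment and the log lines streamed from your proxy and endpoint telemetry; the matching logic stays the same. Substring matching on URLs is deliberately loose, so confirm URL hits against the full request before acting on them.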

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section.


The Advanced Persistent Threat (APT) group "APT28" is believed to be a Russian state-sponsored group that has been active since at least 2007. The group displays a high level of sophistication in the multiple campaigns attributed to it, and the malware and tools used to conduct its operations align with the strategic interests of the Russian government. The group is believed to operate under the Main Intelligence Directorate (GRU), the military intelligence agency of the Russian armed forces.


APT32 has been conducting cyberespionage campaigns since at least 2013, with a particular focus on individuals and businesses with ties to Vietnam. FireEye researchers contend that the group's malicious activity is aligned with Vietnamese government interests. Security firms have not released the specific targets and victims in order to protect their customers. The group uses its own unique malware in addition to open source tools to attack its targets. This combination of malware and tools allows the group to maintain a presence on an infected machine or system and to move laterally through a network.
