WTB: CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

WTB: CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

July 17, 2018 | Anomali Labs

The intelligence in this week’s iteration discuss the following threats: APT28, AZORult, BlackTeck, Golden Cup, Leviathan APT, Magecart and Upatre. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Trending Threats

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section. Click here to request a trial.

APT28
The Advanced Persistent Threat (APT) group “APT28” is believed to be a Russian-sponsored group that has been active since at least 2007. The group displays high levels of sophistication in the multiple campaigns that they have been attributed to, and various malware and tools used to conduct the operations align with the strategic interests of the Russian government. The group is believed to operate under the Main Intelligence Directorate (GRU), the foreign intelligence agency of the Russian armed forces.

Leviathan
The Cyber Espionage group “Leviathan” is believed to be a China-based group that has been active since at least 2013. Leviathan conducts cyber espionage operations primarily on maritime, naval defense contractors, and associated research targets across multiple industries. The group’s targets are mainly located in the United States and Western Europe.

Anomali Labs
About the Author

Anomali Labs

Get the latest threat intelligence news in your email.