Sednit: What’s going on with Zebrocy?
メールをC2として使う攻撃が発見されたとのこと。firewallやIPSなんかで検知が難しくなるって話。ま、防げないって事では無いけど長期的に考えると、ちょっと頭の体操が必要。古くて新しい攻撃手法だね。また熊さんと言うことで。
- Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan - Palo Alto Networks Blog
- Russian hackers are trying out this new malware against US and European targets | ZDNet
- Sofacy APT group used a new tool in latest attacks, the CannonSecurity Affairs
- Sofacy APT Takes Aim with Novel 'Cannon' Trojan | Threatpost | The first stop for security news
- Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz | Ars Technica