The Patriot Files Forums  

10-23-2017, 07:26 AM
Boats

Russian Hackers Use Cyber Conflict Conference in Washington to Infect High Profile Targets in US Military & Intelligence
By: Rafia Shaikh - 10-23-17 1 hour ago
RE: http://wccftech.com/russia-hackers-c...nference-bait/

Hackers backed by the military intelligence agency of Russia are reportedly leveraging a warfare conference in Washington DC to target high profile NATO and US military cyber experts. The International Conference on Cyber Conflict US (CyCon) hosted by the US Army and NATO Cooperative Cyber Defence Centre of Excellence will begin next month and will be packed with NATO and US military cyber defenders. Kremlin-backed hackers have now been spotted running campaigns that are specifically targeting the attendees of this conference.

APT28 or Fancy Bear linked to Russia uses “decoy document in real cyber conflict”

In a report published over the weekend, security researchers at Cisco Talos revealed that APT28, aka Fancy Bear, which was also responsible for the DNC hack last year, has weaponized a legitimate Word document titled “Conference_on_Cyber_Conflict.doc” with malware. With the campaign targeting potential attendees of this upcoming cybersecurity conference, researchers have said that the target list is highly lucrative to attackers since they could get a lot of sensitive information from this particular group.

“This conference has a lot of interesting attendees including current serving military members,” Talos wrote. “The attack on these kinds of individuals could yield extremely sensitive information and this is most likely what the actors were hoping for in this instance.”

Known as “Seduploader,” the malware is hidden in a two-page document that has been taken from the official conference website itself. The document was first created by attackers on October 4 with the attacks peaking three days later, on October 7.



Researchers write that the Seduploader reconnaissance malware has long been used by this threat actor and is composed of 2 files, including a dropper and payload. This malware doesn’t leverage any zero-day flaws and simply contains a malicious Visual Basic for Applications (VBA) macro within the Microsoft Office document. Talos suggests that the group hasn’t used any security flaws “to ensure they remained viable for any other operations.”

“Actors will often not use exploits due to the fact that researchers can find and eventually patch these which renders the actors’ weaponised platforms defunct.”

The event will be attended by infosec experts and top cyber defenders in the country
The event boasts speakers that include the likes of former NSA chiefs and US Senators. Current commanding general of the US Army’s Cyber Command, Paul Nakasone, former US National Security Agency director Keith Alexander, and Senator Martin Heinrich, who is currently on the Senate Intelligence Committee’s investigation into Russia’s election meddling, are only some of the high profile names that will be speaking at November’s event.
__________________
Boats

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

"IN GOD WE TRUST"