Cyber Security – CERTs, Policy, etc

Strontium: A Cyber-Espionage Group

Note4Students

From the UPSC perspective, the following things are important:

Prelims level : Strontium

Mains level : Cyber espionage

Recently, Microsoft said that it had disrupted cyberattacks from a Russian nation-state hacking group called ‘Strontium’.

What is Strontium?

  • Strontium, also known as Fancy Bear, Tsar Team, Pawn Storm, Sofacy, Sednit or the Advanced Persistent Threat 28 (APT28) group, is a highly active and prolific cyber-espionage group.
  • It is one of the most active APT groups and has been operating since at least the mid-2000s, making it one of the world’s oldest cyber-spy groups.
  • It has access to highly sophisticated tools to conduct spy operations, and has been attacking targets in the US, Europe, Central Asia and West Asia.
  • The group is said to be connected to the GRU, the Russian Armed Forces’ main military intelligence wing.
  • The GRU’s cyber units are believed to have been responsible for several cyberattacks over the years and its unit 26165 is identified as Fancy Bear.

How does it attack networks?

  • The group deploys diverse malware and malicious tools to breach networks.
  • In the past, it has used X-Tunnel, SPLM (or CHOPSTICK and X-Agent), GAMEFISH and Zebrocy to attack targets.
  • These tools can be used as hooks in system drivers to access local passwords, and can track keystrokes and mouse movements, and control webcams and USB drives.
  • APT28 uses spear-phishing (targeted campaigns to gain access to an individual’s account) and zero-day exploits (taking advantage of unknown computer-software vulnerabilities) to target specific individuals and organizations.
  • It has used spear-phishing and sometimes water-holing to steal information, such as account credentials, sensitive communications and documents.
  • A watering hole attack compromises a site that a targeted victim visits to gain access to the victim’s computer and network.
