APT28 is a renowned cyber espionage group suspected to be sponsored by the Russian government. APT28’s existence goes back to, at least, 2007. APT28’s focus has always been on intelligence theft that would benefit a government entity. The group has never before focused on intellectual property or financial information. Now it seems they have shifted their focus.
Several security firms, including FireEye, have gathered intelligence indicating that APT28 may begin targeting financial institutions in the US and abroad. The intelligence is based in the discovery of a spear phishing campaign. Several spear phishing domains have been created targeting banks in UAE. One such domain was registered on a server known to be related to Russian operations. Several new pieces of malware were discovered that contained signatures associated with APT28. It is suspected that the attack preparations began in June of last year.
Authorities have been notified of the potential for attack. Also, the security teams of the targeted banks have been notified. Here is the list of financial institutions that may be targeted:
Bank of America, TD Canada Trust, Regions Bank, United Nations Children’s Fund, United Bank of Africa, Commercial Bank International (UAE), and Commerzbank.
If you bank with any of these organizations you should pay special attention to not click any links in emails that are received from your financial institution. These attacks are suspected to be delivered through emails containing malicious links or files designed to steal personal or financial information.