Russian threat actor group APT28 has recently been probing email servers, scanning for vulnerable email servers, Microsoft SQL Servers and directory servers, a change of tactics from its previous attacks. The APT group is responsible for some major cybercrime campaigns over the past few years, including stealing information from the Democratic National Committee (DNC). The group has also allegedly hacked the World Anti-Doping Agency (WADA) several times after a state-sponsored doping scheme was made public.
The group has historically used spear-phishing and malware to infiltrate its targets; however, Trend Micro has observed a shift in its tactics. In a report published on Thursday, Trend Micro found that in 2019 APT28 scanned port 443 for exposed email servers across the globe and then brute-forced credentials to exfiltrate email data. The group continued to target military and defense organizations, governments, law firms, and political parties.
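As an added defender-side illustration (not code from the article or from Trend Micro), the following Python flags the credential-guessing pattern described above in a webmail authentication log, distinguishing a brute-force run against one account from a password spray across many accounts and noting when a flagged source later logs in successfully; the log format, field names, sample lines and thresholds are all assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical webmail auth-log format (documentation IP ranges).
SAMPLE_LOG = """\
2019-05-01T10:00:01Z webmail auth failed user=alice src=198.51.100.7
2019-05-01T10:00:03Z webmail auth failed user=alice src=198.51.100.7
2019-05-01T10:00:05Z webmail auth failed user=alice src=198.51.100.7
2019-05-01T10:00:07Z webmail auth failed user=alice src=198.51.100.7
2019-05-01T10:01:00Z webmail auth failed user=bob src=203.0.113.9
2019-05-01T10:01:30Z webmail auth failed user=carol src=203.0.113.9
2019-05-01T10:02:00Z webmail auth failed user=erin src=203.0.113.9
2019-05-01T10:02:45Z webmail auth ok user=erin src=203.0.113.9
2019-05-01T10:03:00Z webmail auth failed user=frank src=192.0.2.4
2019-05-01T10:03:20Z webmail auth ok user=frank src=192.0.2.4
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) webmail auth (?P<result>ok|failed) "
                     r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse(log_text):
    """Yield (timestamp, result, user, src) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["result"], m["user"], m["src"]

def detect_credential_attacks(log_text, window=timedelta(minutes=5),
                              brute_threshold=4, spray_threshold=3):
    """Flag a source as 'brute_force' (>= brute_threshold failures on one account inside
    `window`) or 'password_spray' (failures on >= spray_threshold distinct accounts)."""
    recent = defaultdict(deque)   # src -> (ts, user) failures still inside the window
    findings = {}
    for ts, result, user, src in sorted(parse(log_text)):
        if result == "ok":
            if src in findings:   # success after suspicious failures: likely guessed password
                findings[src]["followed_by_success"] = user
            continue
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures that fell out of the window
            q.popleft()
        per_user = Counter(u for _, u in q)
        if per_user[user] >= brute_threshold:
            findings.setdefault(src, {"type": "brute_force", "followed_by_success": None})
        elif len(per_user) >= spray_threshold:
            findings.setdefault(src, {"type": "password_spray", "followed_by_success": None})
    return findings
```

A flagged source with `followed_by_success` set is the case worth escalating first, since it indicates a guessed credential that should be reset and the mailbox reviewed for access.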
Read More: Russian APT28 Group Changes Tack to Probe Email Servers