Posted on Leave a comment

FBI & Department of Justice has Seized 2 Domains used by APT29 for Spear-Phishing Attack.

2 domains used by APT29 group in spear-phishing attacks which targeted government agencies and think tanks were seized by FBI & DOJ.

Unites States has seized the 2 Command & Control servers and malware domains which was used in the spear-phishing activity by mimicking U.S.Agency for International Development(USAID).

The department’s seizure of two domains for disrupting the malicious actors for compromising the victims .

FBI: Hackers stole source code from US government agencies and private  companies | ZDNet
Source: ZDnet

Last week’s action is a continued demonstration of the Department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” stated by Assistant Attorney General John C. Demers for the Justice Department’s National Security Division. “Law enforcement remains an integral part of the U.S. government’s broader disruption efforts against malicious cyber-enabled activities, even prior to arrest, and we will continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

“The FBI remains committed to disrupting this type of malicious cyber activity targeting our federal agencies and the American public,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “We will continue to use all of the tools in our toolbelt and leverage our domestic and international partnerships to not only disrupt this type of hacking activity but to impose risk and consequences upon our adversaries to combat these threats.”

“Upon a recipient clicking on a spear-phishing email’s hyperlink, the victim computer was directed to download malware from a sub-domain of theyardservice[.]com. Using that initial foothold, the actors then downloaded the Cobalt Strike tool to maintain persistent presence and possibly deploy additional tools or malware to the victim’s network. The actors’ instance of the Cobalt Strike tool received C2 communications via other subdomains of theyardservice[.]com, as well as the domain worldhomeoutlet[.]com. It was those two domains that the Department seized pursuant to the court’s seizure order.” stated in the detailed notification.

-–For more Cyber security news in crisp content . Please follow our site.

Leave a Reply