The Russian Cyberspies group Pawn Storm has been spotted with attempts to attack the Chancellor Angela Merkel’s Christian Democratic Union of Germany.
This is not the first attempt against the German Parliament. Security researchers reported last year that the Bundestag servers were infected by Pawn Storm hackers with malware known as APT28, Sednit, Sofacy, Fancy Bear and Tsar Team.
In April this year, Trend Micro detected that the same malicious actors were launching credential phishing attacks against the Christian Democratic Union (CDU). The attacks were targeting also high-profile users of the German freemail providers WEB.DE and GMX.
One Latvian fake CDU webmail server and three phishing domains for web.de and gmx.de, registered in the United Arab Emirates, were set by the hackers for the purpose. In a previous report, Trend Micro revealed that there are servers also in the Netherlands and Romania, and they have been used by Pawn Storm hackers in at least 80 high profile attacks. Most of them have been directed against governments around the world.
Pawn Storm hacking group is famous for its sophisticated and simultaneous attacks against corporate and personal email accounts. The way they operate has its peculiarities. They attack from multiple sides. First, the criminals create a fake version of the targeted organization’s official corporate webmail server. At the same time, they apply attacks against the private free webmail accounts of key members of the organization.
Phishing of credentials through this double strategy is an essential espionage tool for this Russian cybercriminal group. Security experts reveal that in previous attacks of Pawn Storm, they have been witnessing complete online e-mail box downloading and secret e-mail addresses forwarding.
This group of cyber criminals is not new to the digital playground. Pawn Storm is one of the longest-lasting cyber espionage groups known to security researchers. They continue to be highly active in their spying and hacking deeds even nowadays. A significant activeness related to a malware called “X-Agent” has been observed by security experts recently. This malware is known to be used by the hackers only against exclusive targets of a high value.
The German Government, however, is not the only target of the Cyberspies. Earlier in March, Trend Micro experts announced they have seen Pawn Storm attempts of attack against Government, main Media and Minister’s Office in Turkey. Several other reputed research groups say that this group of hackers has targeted governments in Eastern Europe, United States, and even NATO. Different media, military and defense organizations all over the world have also been compromised in the past.