In August 2018, Sednit’s operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats
ESET researchers have discovered the first in-the-wild UEFI rootkit. Dubbed LoJax, the research team has shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe. The Sednit group is a resourceful APT group targeting people and
ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe
Zebrocy heavily used by the Sednit group over last two years
Over the past few years the Sednit group has used various techniques to deploy their various components on targets computers. The attack usually starts with an email containing either a malicious link or malicious attachment.
Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.
The IAAF has become the latest organization to fall victim to the cybercriminal gang Sednit.
Take a closer look at the cyberespionage group Sednit, which has targeted over 1000 high-profile individuals and organizations with phishing attacks and zero-day exploits.
This feature offers a very digested read of ESET's trilogy of research papers on Sednit, one of the most notorious groups of cyberattackers in the world.
The full whitepaper “En Route with Sednit,” compiling parts 1-3.
In the third and final part of our whitepaper “En Route with Sednit,” we describe a special downloader named Downdelph.
In the second part of our whitepaper “En Route with Sednit”, we focus on Sednit’s espionage toolkit, which is deployed on targets deemed interesting after a reconnaissance phase (described in the first part of the whitepaper).
ESET's threat analysts have taken a closer look at the software used by Sednit to spy on its targets and steal confidential information.
Security researchers at ESET have released their latest research into the notorious and highly experienced Sednit cyberespionage group.
In the first part of our whitepaper “En Route with Sednit”, we focus on the methods used by the group to attack its targets, and on who these targets are.
The infamous Sednit espionage group is currently using the Hacking Team exploits disclosed earlier this week to target eastern European institutions.
The Sednit espionage group, also known as the Sofacy group, APT28 or “Fancy Bear”, has been targeting various institutions for many years. We recently discovered a component the group employed to reach physically isolated computer networks -- “air-gapped” networks -- and exfiltrate sensitive files from them through removable drives.
For at least five years the Sednit group has been relentlessly attacking various institutions, most notably in Eastern Europe. The group used several advanced pieces of malware for these targeted attacks, in particular the one we named Win32/Sednit, also known as Sofacy.
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023
The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality
