Hacking group Sednit uses document about President Trump’s action in Syria to lure victims, report ESET researchers

The Sednit hacking group – also known as APT28, Fancy Bear and Sofacy – is back on the radar after alleged interference in the French elections, having targeted frontrunner (and now president-elect) Emmanuel Macron.

ESET researchers have observed another one of Sednit’s phishing emails in action. The group uses a recently published article about Trump’s missile strike on Syria to lure victims into opening an attachment that then drops its infamous reconnaissance tool: Seduploader.

Inside the document, titled “Trump's_Attack_on_Syria_English.docx,” Sednit uses two zero-day exploits to drop the Seduploader component: the first one, CVE-2017-0261, for a remote code execution vulnerability in Microsoft Word, and the second one, CVE-2017-0263, for a local privilege escalation in Windows. ESET reported both vulnerabilities to Microsoft, which addressed them today in its regular monthly security update.

“The Sednit group shows that it’s far from done with its activities,” says ESET Security Intelligence Team Lead Alexis Dorais-Joncas on recent findings. “Although Sednit is maintaining its old habits – such as the reuse of code and using known attack methods, as described in our extensive whitepaper – we have noted several improvements in Seduploader over the past several months.”

Last October, ESET published an extensive analysis of Sednit’s arsenal and tactics in its whitepaper, En Route with Sednit.

Read the entire analysis on the latest Sednit group attack, titled “Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy” on WeLiveSecurity.com. 

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information, visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

Media Contact

Anna Keeve

ESET North America