Hackers targeting NATO and U.S. military cyber-experts

Security researchers are being sent a document titled ‘Conference_on_Cyber_Conflict.doc’, containing information about the upcoming 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.). While the conference is real, the document is not, reports ZDNet.

The real conference is being hosted by the US Army and NATO Cooperative Cyber Defence Centre of Excellence and will run from November 7 through 8 this year at the Ronald Reagan Building in Washington D.C. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence.

APT28 or Fancy Bear linked to Russia
Over the weekend, security researchers at Cisco Talos revealed that an operation called Group 74, also known as APT28 or Fancy Bear (which was also responsible for the DNC hack last year), has “weaponized” a real Word document titled “Conference_on_Cyber_Conflict.doc” with malware.
The hackers used a variant of malware called Setuploader, commonly used in espionage. “This is clearly an attempt to exploit the credibility of Army Cyber Institute and NATO CCDCOE in order to target high-ranking officials and experts of cybersecurity,” said a CCDCOE spokesperson.

According to the researchers, Setuploader can take screenshots, extract data, execute code, download additional fake files, and more. This points to the hackers wanting to steal information with the goal of espionage. One thing is different about this particular document: it doesn’t contain an Office exploit or a zero-day.

Instead, it uses a malicious Visual Basic for Applications (VBA) macro, designed to run code within the selected application, in this case Microsoft Word. This shows the lengths some groups will go to in extracting information from a particular group, in this case cybersecurity experts.

The Sunday report comes just a few days after a Proofpoint report suggested APT28 was actively exploiting a security flaw that Adobe patched last week, in hopes of infecting as many targets in government departments and aerospace companies as it could before the breach was discovered.

Written By

Karen Graham is Digital Journal's Editor-at-Large for environmental news. Karen's view of what is happening in our world is colored by her love of history and how the past influences events taking place today. Her belief in man's part in the care of the planet and our environment has led her to focus on the need for action in dealing with climate change. It was said by Geoffrey C. Ward, "Journalism is merely history's first draft." Everyone who writes about what is happening today is indeed, writing a small part of our history.
