Security experts say that a hacking group widely believed to be linked to the Russian government has been executing cyberattacks against diplomats in North America and Europe.
Cyber firm Palo Alto Networks said Wednesday that Sofacy, commonly known as “Fancy Bear” and “APT28,” is behind a spear phishing attack that has targeted foreign affairs agencies and ministries in North America and Europe.
Palo Alto Networks has not linked the group to a particular nation-state. But other security firms like FireEye and CrowdStrike have said it is connected to Russia.
The U.S. intelligence community has blamed the hacking group for cyberattacks against top Democratic officials ahead of the 2016 presidential election.
Palo Alto Networks says its research clearly shows that Sofacy used the same tools and methods it has used in past attacks to carry out the latest one.
The researchers said the hackers used a spear phishing email purporting to come from Jane’s 360, a British publishing company that specializes in military and aerospace topics. The email says it contains a schedule of events, but the attachment is actually a malicious document.
“They continue to be persistent in their attack campaigns and continue to use similar tooling as in the past,” the blog post says of Sofacy. “This leads us to believe that their attack attempts are likely still succeeding, even with the wealth of threat intelligence available in the public domain.”
Germany disclosed that its security services discovered that Sofacy infiltrated its Foreign and Defense ministries in December, according to media reports that emerged Wednesday. Germany reportedly said the cyberattack likely unfolded as a result of malware.
“We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cybersecurity incident concerning the federal government’s information technology and networks,” a German Interior Ministry spokesman said, according to Deutsche Welle.
Sofacy is also believed to be behind other attacks on European countries, including a 2015 attack on the German parliament as well as NATO.