The same Russian hacking group that was linked to the hack of the US Democratic National Committee (DNC) has turned its attention to Apple’s Macintosh computers.
The group, APT28, was blamed for the hack of the Democratic Party and has now released a Mac version of its Xagent malware that can steal iPhone backups.
“APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials,” the FBI and DHS said in their report. “Once APT28 and APT29 [another Russian hacking group] have access to victims, both groups exfiltrate and analyze information to gain intelligence value.”
According to Romanian security company Bitdefender, the new APT28 malware, known as Xagent, creates a backdoor into Macs that lets the attackers steal browser passwords, capture screenshots and grab iPhone backups stored on the computer.
As of now, there is no information about what the attackers are targeting. However, everything points to APT28, since the malware uses the same dropper/downloader, similar command-and-control server URLs, and some artifacts hardcoded in the binary files.
There has been no news or comments from Apple.
The group was blamed for interference in the US election. Known as Fancy Bear and Sofacy among other labels, it has been active since the mid-2000s, according to security company CrowdStrike.
The group has notoriously carried out attacks against targets in various countries and regions, including Brazil, Western Europe, Canada, China, Iran, Malaysia, Japan, the US and South Korea.
A report from the FBI and the Department of Homeland Security in December 2016 said that APT28 (the “APT” stands for “Advanced Persistent Threat”) infiltrated the DNC’s systems in the spring of 2016. The exposed information included leaked emails from John Podesta, a top adviser to Hillary Clinton, as well as data such as the speeches she gave to Goldman Sachs.
Since then, the US has looked into other possible interference from Russia, not only in the elections.