The Sofacy group, also known as APT28 or Fancy Bear, has recently attacked a European government agency using a new version of DealersChoice. This new variant of DealersChoice can cause serious security problems for any unprotected device exposed on the internet.
During this attack, the Russian cybercriminal group used docx files titled “Defence & Security 2018 Conference Agenda”.
The docx files contain a malicious Flash exploitation framework used by the Sofacy threat group in their version of DealersChoice.
The attack is carried out by delivering Microsoft Word documents containing Adobe Flash objects that are capable of loading additional malicious Flash objects.
Sofacy started using DealersChoice in the fall of 2016, but during malware analysis researchers discovered that the new attacks of March 12 and 14 use a different variation of the spear-phishing attack.
This kind of malicious docx document can be detected by installing a security solution such as an antivirus for Windows or an antivirus for Mac, depending on which OS the device is running. Besides this, a company must hire a cybersecurity firm that will deliberately launch various attacks on the company's network to reveal its flaws. Attacks like this are made through specialized security tests such as penetration tests and ethical hacking tests.
This is an excellent example of how cybercriminal groups adapt over time. The Sofacy threat group continues to use its DealersChoice framework to exploit Flash vulnerabilities. In the most recent variant of DealersChoice, Sofacy modified the internals of the malicious scripts, and unlike previous samples, this DealersChoice used a docx delivery document that required the user to scroll through the document to trigger the malicious Flash object; because of this, the chances of success are lower in this case.
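Because a docx file is a zip container, a defender can statically check whether a document carries an embedded Flash object before it is ever opened, regardless of whether the payload only fires when the user scrolls. The following Python script is an added example, not code from the original article or from any vendor product; it assumes only the standard library, uses the well-known SWF file signatures and the Flash ActiveX identifiers, and builds a small constructed docx-like archive to scan.

```python
import io
import zipfile

# SWF file signatures: uncompressed (FWS), zlib-compressed (CWS), LZMA-compressed (ZWS)
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")
# Markers that show up in docx XML parts when a Flash object is embedded:
# the Flash content type, the Flash ActiveX ProgID and its CLSID.
FLASH_MARKERS = (
    b"x-shockwave-flash",
    b"ShockwaveFlash",
    b"D27CDB6E-AE6D-11CF-96B8-444553540000",
)


def scan_docx_for_flash(data: bytes) -> list:
    """Return a list of findings describing embedded Flash content in a .docx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            part = zf.read(name)
            # Any part starting with an SWF signature is a Flash movie, whatever its extension.
            if part[:3] in SWF_MAGICS:
                findings.append(f"{name}: SWF signature {part[:3].decode()}")
            # Content-type declarations and ActiveX parts reveal Flash even without an .swf part.
            if name.endswith(".xml") and any(m in part.upper() or m in part for m in FLASH_MARKERS):
                findings.append(f"{name}: references Flash content type or ActiveX control")
    return findings


def build_sample_docx(with_flash: bool) -> bytes:
    """Constructed, minimal docx-like archive for testing (not a real Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = '<Types><Default Extension="xml" ContentType="application/xml"/>'
        if with_flash:
            types += '<Default Extension="swf" ContentType="application/x-shockwave-flash"/>'
        types += "</Types>"
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            # Fake zlib-compressed SWF header followed by constructed padding bytes.
            zf.writestr("word/embeddings/oleObject1.swf", b"CWS\x0a" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_docx_for_flash(build_sample_docx(with_flash=True)):
        print("FLASH FOUND:", hit)
```

A real triage pipeline would run this over inbound attachments and quarantine anything with a finding, since a legitimate conference agenda has no reason to embed Flash.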
To reduce, and eventually eliminate, the risk of this kind of security problem, practise good cyber security habits, update your apps and OSs to the latest available versions, and implement a robust cybersecurity solution.