Secplicity - Security Simplified

Powered by WatchGuard Technologies

Pawn Storm

March 20, 2020 By Marc Laliberte

Last week, Trend Micro released a report highlighting the recent tools, tactics and procedures of Pawn Storm, aka APT28, aka Fancy Bear, aka Strontium. Trend has been tracking this group over the last decade, releasing reports in 2014 and 2017 on their latest activities. In this most recent report, Trend sheds light on a credential theft phishing campaign of a kind that is all too common in the current cyber threat landscape.

The 15-page report, available here (pdf), shows how Pawn Storm operators started using stolen email credentials from “high-profile targets” to send out spam messages while masking their tracks using commercial VPN providers. We’ve noted previously, both on Secplicity and on The 443 Podcast, how attackers are using stolen credentials to execute wide-ranging attacks. In the case of Pawn Storm, Trend found that the attackers were probing for the network ports of exposed email services and then using those services to brute-force credentials.

The report concludes with several good tips for organizations of any size to defend against these threats. Measures like requiring two-factor authentication, educating employees on common phishing techniques, and regularly monitoring infrastructure are bare-bones basics that all organizations should be doing to defend against not just APT28’s latest techniques, but all cyber attacks.
