Yesterday the UK and several other nations released statements regarding the recent cyber-attacks, linking them to a foreign military unit that they say operates under several names, including Sednit.
Below is a comment from ESET Researcher Alexis Dorais-Joncas, who has been tracking and researching the Sednit group.
Alexis Dorais-Joncas, Researcher at ESET:
“Today, several countries, including the UK, the Netherlands and Canada, issued statements related to several high-profile cyberattacks that happened in their respective countries in the past few years.
Most of the cyberattacks mentioned in the statements have already been made public and linked to the Sednit group, also known as Fancy Bear or APT28.
However, the statements went further and directly attributed the attacks with “high confidence” to a foreign military intelligence unit. The Netherlands publicly exposed the real identity of several foreign agents expelled from the country after being identified. In addition, the USA’s DoJ indicted 7 defendants belonging to the same foreign intelligence unit for computer hacking, wire fraud, aggravated identity theft, and money laundering.
We cannot verify or confirm attribution to the nations and perpetrators mentioned; this is the work of law enforcement.
ESET has been tracking and researching the Sednit group’s activity for multiple years and can reiterate that the group’s technical skills and resources are significant.
The Sednit group has been actively developing and improving their custom attack toolkit since at least 2004. Just last week, ESET researchers released the details of the group’s very latest innovation: a custom-built malicious UEFI implant that ensures very strong persistence on infected systems. It is the very first malicious UEFI implant seen in the wild. We consider Sednit a dedicated adversary that has access to significant resources to carry out their attacks. They alternate between different infection methods to initiate their attacks on new targets, from the use of expensive 0-days down to low-tech spearphishing, depending on the value of the targets and their defense mechanisms.”