APT28 (Russia): The Russian-linked APT28 threat group, also known as Fancy Bear, was seen carrying out a large-scale attack against Office 365 users, according to researchers at Microsoft. The attacks began in April and are still ongoing. The targets are mostly users in the United States and the United Kingdom who work at companies that are in some way affiliated with the upcoming elections. Leading up to the 2016 presidential election, APT28 was also accused of carrying out attacks. A series of credential-harvesting campaigns was launched through spear-phishing. After compromising targeted individuals, the threat actor stole the credentials of additional user accounts and used those for lateral movement throughout the internal network. This time around, the group has shifted tactics and begun using brute-force and password-spraying attacks to gain access to targeted accounts. These attacks let the group use programs to essentially guess the password someone is using, preying on victims who use simple passwords without Multi-Factor Authentication (MFA). The shift in tactics allows the group to carry out attacks on a larger scale while remaining more anonymous.
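A defender-side view of the two guessing techniques named above, as an added example that is not from the original report: it separates password spraying (one source failing against many accounts) from brute forcing (many failures against one account) in failed sign-in records. The record layout, thresholds and sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _windows(rows, window):
    """Yield every run of time-sorted rows that fits inside one sliding window."""
    rows = sorted(rows)
    start = 0
    for end in range(len(rows)):
        while rows[end][0] - rows[start][0] > window:
            start += 1
        yield rows[start:end + 1]


def detect(failures, window=timedelta(minutes=30), spray_accounts=5, brute_attempts=10):
    """failures: iterable of (timestamp, source_ip, account) for failed sign-ins.
    Returns (spraying_sources, brute_forced_accounts) as two sets.
    Thresholds are illustrative assumptions, not vendor guidance."""
    by_ip, by_account = defaultdict(list), defaultdict(list)
    for ts, ip, account in failures:
        by_ip[ip].append((ts, account))
        by_account[account].append((ts, ip))
    spray, brute = set(), set()
    for ip, rows in by_ip.items():
        # Spray: one source fails against many distinct accounts in a short time.
        if any(len({acct for _, acct in run}) >= spray_accounts
               for run in _windows(rows, window)):
            spray.add(ip)
    for account, rows in by_account.items():
        # Brute force: one account collects many failures, from any source.
        if any(len(run) >= brute_attempts for run in _windows(rows, window)):
            brute.add(account)
    return spray, brute


def sample_failures():
    """Constructed records: documentation IP ranges and made-up accounts."""
    t0 = datetime(2020, 1, 1, 9, 0)  # arbitrary constructed start time
    rows = [(t0 + timedelta(minutes=i), "203.0.113.10", f"user{i}@example.com")
            for i in range(6)]                                   # spray pattern
    rows += [(t0 + timedelta(seconds=20 * i), "198.51.100.7", "admin@example.com")
             for i in range(12)]                                 # brute-force pattern
    rows += [(t0 + timedelta(hours=3 * i), "192.0.2.44", "bob@example.com")
             for i in range(3)]                                  # ordinary mistyped password
    return rows


if __name__ == "__main__":
    print(detect(sample_failures()))
```

Grouping by source address misses a spray spread across many addresses, so per-account and tenant-wide failure rates are worth tracking alongside it.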
If you’re outside the security industry, you probably think of a cybercriminal as they are