Must Read: Pawn Storm (Active Cyber Espionage Group) & Their Methods To Disrupt Democracies:

Pawn Storm is an active cyber espionage actor group that has been very aggressive and ambitious in recent years. The group’s activities show that foreign and domestic espionage and influence on geopolitics are the group’s main motives, and not financial gain. Its main targets are armed forces, the defense industry, news media, politicians, and dissidents.

snip

As we look at Pawn Storm’s operations over a two-year period, we can see how the group has become more adept at manipulating events and public opinion through the gathering and controlled release of information. Many events—like their involvement in the Democratic National Convention hack—have been covered extensively. The group’s cyber propaganda methods—using electronic means to influence opinion4—creates problems on multiple levels. Aside from manipulating the public, their operations also discredit political figures and disrupt the established media. The proliferation of fake news and fake news accusations in 2017 can in part be attributed to constant information leaks and manipulations by malicious actors. Media sources have already con rmed that Pawn Storm offered them exclusive peeks at high-impact information, presumably in an attempt to skew public perception on a certain topic or person.

In this paper, we take a deeper look at the facts we have compiled and delve into the variety of attacks that the group is using. Pawn Storm is known for its sophisticated social engineering lures, efficient credential phishing, zero days, a private exploit kit, an effective set of malware, false flag operations, and campaigns to influence the public opinion about political issues.

At its core, Pawn Storm—also known as Sednit5, Fancy Bear, APT286 7, Sofacy, and STRONTIUM8—is still a persistent cyber espionage actor group. The actors often attack the same target from different sides, using multiple methods to reach their goals. It generally relies on practiced techniques, specically when it comes to phishing. Credential phishing has been a key part of many compromises done by Pawn Storm in recent years and we were the first to describe them in detail from 2014 and onwards.

Snip



https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf