Must Read: Pawn Storm (Active Cyber Espionage Group) & Their Methods To Disrupt Democracies:
Pawn Storm is an active cyber espionage actor group that has been very aggressive and ambitious in recent years. The group's activities show that foreign and domestic espionage and influence on geopolitics are the group's main motives, and not financial gain. Its main targets are armed forces, the defense industry, news media, politicians, and dissidents.
snip
As we look at Pawn Storm's operations over a two-year period, we can see how the group has become more adept at manipulating events and public opinion through the gathering and controlled release of information. Many events, like their involvement in the Democratic National Convention hack, have been covered extensively. The group's cyber propaganda methods, using electronic means to influence opinion, create problems on multiple levels. Aside from manipulating the public, their operations also discredit political figures and disrupt the established media. The proliferation of fake news and fake news accusations in 2017 can in part be attributed to constant information leaks and manipulations by malicious actors. Media sources have already confirmed that Pawn Storm offered them exclusive peeks at high-impact information, presumably in an attempt to skew public perception on a certain topic or person.
In this paper, we take a deeper look at the facts we have compiled and delve into the variety of attacks that the group is using. Pawn Storm is known for its sophisticated social engineering lures, efficient credential phishing, zero days, a private exploit kit, an effective set of malware, false flag operations, and campaigns to influence the public opinion about political issues.
At its core, Pawn Storm, also known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM, is still a persistent cyber espionage actor group. The actors often attack the same target from different sides, using multiple methods to reach their goals. It generally relies on practiced techniques, specifically when it comes to phishing. Credential phishing has been a key part of many compromises done by Pawn Storm in recent years and we were the first to describe them in detail from 2014 and onwards.
Snip
https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf