Several security vendors believe it operates out of Russia and has possible ties to that country’s intelligence agencies. The group’s primary malware tool is a backdoor program called Sednit or Sofacy that it delivers to victims through spear-phishing emails or drive-by downloads launched from compromised websites. The group appears to be targeting Commercial Bank International in the UAE, Bank of America, TD Canada Trust, the United Nations Children’s Fund (UNICEF), United Bank for Africa, Regions Bank, and possibly Commerzbank. It is thought that the group will employ spear-phishing as its main method of delivery. Root9B analysts believe that there might be two subgroups within APT28: one that targets military and government organizations and one that targets financial institutions and banks. The IP address of a command-and-control server set up by the attackers has been published so that banks and other financial companies can block it on their networks.

Source: CIO.com 15.05.2015
http://www.majorgeeks.com/news/story/russian_hackers_targeting_us_banks.html
http://www.cio.com/article/2921774/russian-cyber-group-seen-preparing-to-attack-banks.html