Stories

New malware from Russia's Fancy Bear uses email to phone home

Researchers at Palo Alto Networks discovered new malware being used by the Kremlin-backed hacking group Fancy Bear.

Why it matters: The "cannon" malware uses email to communicate with its command and control server. That's not common in malware right now, says Jen Miller-Osborn, deputy director of threat Intelligence for the Palo Alto Networks Unit 42 research team, and doesn't appear to be something Fancy Bear has ever done before.

Details: Cannon is a new early phase of a multi-stage attack — it communicates basic information with command and control servers and downloads new malware.

  • It has only been observed in a single campaign. The malware was sent to government officials in North America, Europe and a former Soviet state, according to the Palo Alto Networks write-up.

The intrigue: "We don't know if this is a one-off, or a trojan we'll see again," said Miller-Osborn. "So we also don't know if the email technique is a one off, or something they are starting to use."