New malware from Russia's Fancy Bear uses email to phone home

Researchers at Palo Alto Networks discovered new malware being used by the Kremlin-backed hacking group Fancy Bear.

Why it matters: The "Cannon" malware uses email to communicate with its command and control server. That's not common in malware right now, says Jen Miller-Osborn, deputy director of threat intelligence for the Palo Alto Networks Unit 42 research team, and doesn't appear to be something Fancy Bear has ever done before.

Details: Cannon is a new tool for the early phase of a multi-stage attack: it sends basic information to command and control servers and downloads new malware.

  • It has only been observed in a single campaign. The malware was sent to government officials in North America, Europe and a former Soviet state, according to the Palo Alto Networks write-up.

The intrigue: "We don't know if this is a one-off, or a trojan we'll see again," said Miller-Osborn. "So we also don't know if the email technique is a one-off, or something they are starting to use."
