X

New Mac malware linked to Russian hackers of US election

APT28, blamed for the hack of the Democratic Party, releases Xagent malware that can steal iPhone backups.

Shara Tibken Former managing editor
Shara Tibken was a managing editor at CNET News, overseeing a team covering tech policy, EU tech, mobile and the digital divide. She previously covered mobile as a senior reporter at CNET and also wrote for Dow Jones Newswires and The Wall Street Journal. Shara is a native Midwesterner who still prefers "pop" over "soda."
Shara Tibken
2 min read
Sarah Tew/CNET

The same Russian hackers who were linked to the hacking of the US Democratic National Committee have now turned their attention to Apple's Macintosh computers.

APT28 has released new Xagent malware that creates backdoors into Macs, letting the hackers steal browser passwords, grab screenshots and nab iPhone backups stored on the computer, according to Romanian security software company Bitdefender.

"Currently we don't know what are the targeted organizations, but the links to the APT28 cybercrime group are obvious: The use of the same dropper/ downloader and similar command and control center URLs, as well as sine artifacts hardcoded in the binary files," Bitdefender said.

Apple didn't immediately respond to a request for comment.

APT28 is one of the Russian groups blamed for interference in the US election. It's also known as Fancy Bear, Sofacy, among other labels, and has been active since the mid-2000s, according to cybersecurity technology company CrowdStrike. It has been linked to the Russian government and has carried out attacks in the US, Western Europe, Brazil, Canada, China, Georgia, Iran, Japan, Malaysia and South Korea.

A report from the FBI and the Department of Homeland Security in December said APT28, which stands for "Advanced Persistent Threat," infiltrated the DNC's systems in the spring of 2016. Emails from John Podesta, a top adviser to Hillary Clinton, were leaked, as were data like speeches she gave to Goldman Sachs. Since that time, the US has looked into other possible interference from Russia in the election.

"APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials," the FBI and DHS said in their report. "Once APT28 and APT29 [another Russian hacking group] have access to victims, both groups exfiltrate and analyze information to gain intelligence value."

Does the Mac still matter?Apple execs tell why the MacBook Pro was over four years in the making, and why we should care.

Virtual reality 101: CNET tells you everything you need to know about VR.