that aimed to deliver a tool used by the Silence group of hackers. The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector. The fraudulent emails purported to come from the Central Bank of Russia (CBR) and contained a malicious attachment. The message body lured the recipients to open the attachment in order to check the latest details on the "standardization of the format of CBR's electronic communications."
Email authentication mechanism saves the day
International cybersecurity company Group-IB investigated the attack and noticed that the style and format of the fake communication were very similar to the official CBR correspondence. This supports the theory that the attackers had access to legitimate emails from CBR. If Silence hackers have any ties with the legal side of reverse engineering and penetration testing, it is very likely that they are familiar with the documentation used by financial institutions and with how banking systems work. In a report published today, Group-IB says that the attackers spoofed the sender's email address but the messages did not pass the DKIM (DomainKeys Identified Mail) validation. DKIM is a solution specifically designed to prevent forged email addresses by adding to the message a signature that confirms its authenticity.
Banks see more spear-phishing from a different group
The Silence hackers are not the only ones trying their spear-phishing game on Russian banks. On October 23, another notorious group, MoneyTaker, ran a similar campaign against the same type of targets. Their message spoofed an email address from the Financial Sector Computer Emergency Response Team (FinCERT) and contained five attachments disguised as documents from CBR.
"Three out of five files were empty decoy documents, but two contained a download for the Meterpreter Stager. To carry out the attack, hackers used self-signed SSL certificates," says Rustam Mirkasymov, Group-IB Head of Dynamic Analysis of malware department and threat intelligence expert. These clues, along with server infrastructure associated with the MoneyTaker group, allowed the security experts to identify the perpetrator. As in the case of Silence, this attacker is also thought to have had access to CBR documents, most likely from compromised inboxes of Russian bank employees. This allowed them to craft messages that would pass even eyes trained in spotting fraudulent emails.
Silence and MoneyTaker are the most dangerous threats to banks
According to Group-IB, multiple groups use the Central Bank of Russia in spear-phishing operations, and for good reason, since the organization dictates regulations to financial institutions in the country and maintains a constant communication flow with them. Mirkasymov says that Silence and MoneyTaker are the most dangerous of all groups that threaten financial organizations. Referring to the latter, the expert says that its repertoire also includes drive-by attacks and testing the network for vulnerabilities. The goal is to access the internal nodes that enable them to withdraw money from ATMs, process cards or interbank transfers. Although Silence uses mainly phishing, they are more careful about crafting the message, paying attention to both content and design, adds Group-IB's threat intelligence expert.
Forrester, one of the world's leading market research and investment advisory firms, admitted late Friday afternoon to a security breach that took place during the past week. The company says that a yet to be identified attacker (or attackers) has gained access to the infrastructure hosting its website — Forrester.com. Forrester is using this website to allow customers to log in and download research specific to their contracts. The company provides statistics, trends, and other market research, which clients use to take decisions before launching new products or business endeavors.
Attacker stole site credentials and stole proprietary research
Steven Peltzman, Forrester's Chief Business Technology Officer, says the attacker stole valid Forrester.com user credentials that gave him access to Forrester.com accounts. "The hacker used that access to steal research reports made available to our clients," he said. "There is no evidence that confidential client data, financial information, or confidential employee data was accessed or exposed as part of the incident," Peltzman clarified.
Even if no sensitive customer data was stolen, the market research information to which hackers had access is very valuable in the hands of an economic espionage hacker group, allowing it to determine what technologies Forrester's customers are working on, or what products they're ready to launch. This information could then be resold on dark markets or to competitors, or hackers could also use it to select future targets — companies that are ready to launch valuable products.
"We recognize that hackers will attack attractive targets — in this case, our research IP. We also understand there is a tradeoff between making it easy for our clients to access our research and security measures," said George F. Colony, Chairman and Chief Executive Officer of Forrester. "We feel that we have taken a common-sense approach to those two priorities; however, we will continuously look at that balance to respond to changing cybersecurity risk."
Forrester is the fourth major financial and business entity that suffered or announced a security incident in the past month. The other three include credit rating and reporting firm Equifax, the US Securities and Exchange Commission (SEC), and accounting, auditing, and corporate finance consulting firm Deloitte.
The IAAF said in a statement the hacking group known as Fancy Bear, which has been linked by western governments and security experts to a Russian spy agency blamed for some of the cyber operations that marred the 2016 U.S. election, was believed to be behind the attack of medical records in February. The hack targeted information concerning applications by athletes for Therapeutic Use Exemptions, the IAAF said. Athletes who had applied for TUEs since 2012 have been contacted and IAAF president, Sebastian Coe, apologized.
“Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” Coe said in the statement. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation”.
TUEs are issued by sports federations and national anti-doping organizations to allow athletes to take certain banned substances for verified medical needs. The IAAF said that data on athlete TUEs was “collected from a file server and stored on a newly created file”. “The attack by Fancy Bear, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security,” the IAAF said.
Private security firms and U.S. officials have said Fancy Bear works primarily on behalf of the GRU, Russia’s military intelligence agency. Fancy Bear could not be immediately reached for comment. The group and other Russian hackers were behind the cyber attacks during the U.S. presidential election last year that were intended to discredit Democratic candidate Hillary Clinton and help Donald Trump, a Republican, win, according to U.S. intelligence agencies.
It was not known if the information was stolen from the network, the IAAF said, but the incident was “a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will”. The attack was uncovered after British company Context Information Security conducted an investigation of the IAAF’s systems at the request of the athletics body. Context Information Security said in a separate statement that it was a “sophisticated intrusion” and that “the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance”.
Last year, Fancy Bear hacked into the World Anti-Doping Agency (WADA) database and published the confidential medical records of several dozen athletes. Those included cyclist Bradley Wiggins, the 2012 Tour de France winner and Britain’s most decorated Olympian with eight medals, who was revealed to have used TUEs before some races. Wiggins retired last year under something of a cloud after it was revealed he took corticosteroid triamcinolone for asthma, although he broke no anti-doping rules.
The IAAF banned Russia’s athletics federation after a WADA commission report found evidence of state-sponsored doping. Almost all Russia’s athletes missed the track and field events at the Rio Olympics last year and are likely to also miss the world athletics championships in London in August.