The Russian hacking toolkit includes other methods, such as creating a "watering hole." If hackers want to penetrate an organization's network, they might first hack into the website of a nearby business that its employees use, perhaps a restaurant.
"The attackers, if they gain access to that restaurant's website, they can just insert a line of code that tells the viewer's browser to go load another page," said Patrick Neighorn, head of global media relations for FireEye. That activity would be invisible to the victim, beginning a process of deeper control of a targeted computer.
The FireEye report says this technique "was used to compromise and infect visitors to numerous Polish government websites in 2014."
APT28 hackers can even beat vaunted two-factor authentication, which requires users not only to type in passwords but also to type ever-changing security codes, the report says.
They also can spoof a Google App authorization request, such as when a user visits a retail or other site that allows visitors to log on using Gmail accounts, the report says.
"In a matter of about 20 minutes ... they would have the entire contents of both your Google Drive and your Gmail account," Wrolstad said.
(c)2017 McClatchy Washington Bureau
Distributed by Tribune Content Agency, LLC.