Estonia's cyber security department has accused hackers from Russia of an attack on the country's largest oil shale processing enterprise, Viru Keemia Grupp (VKG). The statement was quoted on Wednesday, March 29, by the publication Postimees.
According to this account, suspicious activity in one of the applications was discovered in VKG's computer networks in 2016. During the subsequent check, cybersecurity experts discovered the Mimikatz program, which can be used to retrieve unencrypted passwords from a computer's RAM. In addition, an app was discovered through which Mimikatz worked with a remote server and passed the extracted data to it.
According to the publication, the investigation revealed that the attack is probably connected with the group APT28, also known as Fancy Bear, which is accused of links with the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation.
On GitHub, the site where programmers share the source code of applications they have written, the page about Mimikatz says that the program was written by a man who was only learning the C programming language and wrote it to better master programming. It does not support interception of encrypted information.