Russia-linked APT28 has changed up its tactics to include password-cracking and credential-harvesting. The group has attacked more than 200 organizations this year, including political campaigns, advocacy groups, parties and political consultants. The attacks have been aimed mainly at U.S. and U.K. organizations directly involved in political elections. Microsoft researchers say the group is using an anonymizer service to evade tracking and avoid attribution. The activity dovetails with other recent findings that hackers from Russia, China and Iran are ramping up phishing and malware attacks.
Source: https://threatpost.com/apt28-theft-office365-logins/159195/