Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack that uses COVID-19 as a phishing lure, once again indicating how adept adversaries are at repurposing current world events to their advantage.
Linking the operation to a sub-group of APT28, cybersecurity firm Intezer said the pandemic-themed phishing emails were employed to deliver the Go version of Zebrocy malware.
Zebrocy is delivered primarily via phishing attacks that contain decoy Microsoft Office documents with macros as well as executable file attachments.
The second file is an executable that masquerades as a Word document that, when opened, runs the Zebrocy malware.
The Golang version of the Zebrocy backdoor also caught the attention of the US Cybersecurity and Infrastructure Security Agency, which released an advisory in late October, cautioning that the malware is "designed to allow a remote operator to perform various functions on the compromised system."