Security News > 2021 > May > Microsoft: Russian hackers used 4 new malware in USAID phishing

Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development.
In a second blog post released Friday night, Microsoft provides details on four new malware families used by Nobelium in these recent attacks.
Microsoft is tracking the BOOM.exe file in the ISO image as 'BoomBox,' and states that it is used to download two encrypted malware files to the infected device from DropBox.
Dll file as a new malware loader called 'NativeZone.
The fourth malware used in these attacks is called 'VaporRage,' and it is the CertPKIProvider.
When launched, the malware will connect back to a remote command and control server, where it will register itself with the attackers and then repeatedly connect back to the remote site for a shellcode to download. When shellcodes are downloaded, the malware will execute them to perform various malicious activities, including the deployment of Cobalt Strike beacons.
News URL
Related news
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)