Security News > 2021 > May > Microsoft: Russian hackers used 4 new malware in USAID phishing
Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development.
In a second blog post released Friday night, Microsoft provides details on four new malware families used by Nobelium in these recent attacks.
Microsoft is tracking the BOOM.exe file in the ISO image as 'BoomBox,' and states that it is used to download two encrypted malware files to the infected device from DropBox.
Dll file as a new malware loader called 'NativeZone.
The fourth malware used in these attacks is called 'VaporRage,' and it is the CertPKIProvider.
When launched, the malware will connect back to a remote command and control server, where it will register itself with the attackers and then repeatedly connect back to the remote site for a shellcode to download. When shellcodes are downloaded, the malware will execute them to perform various malicious activities, including the deployment of Cobalt Strike beacons.
News URL
Related news
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- How Russian hackers went after NGOs’ WhatsApp accounts (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)