Security News > 2021 > May > Microsoft: Russian hackers used 4 new malware in USAID phishing

Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development.
In a second blog post released Friday night, Microsoft provides details on four new malware families used by Nobelium in these recent attacks.
Microsoft is tracking the BOOM.exe file in the ISO image as 'BoomBox,' and states that it is used to download two encrypted malware files to the infected device from DropBox.
Dll file as a new malware loader called 'NativeZone.
The fourth malware used in these attacks is called 'VaporRage,' and it is the CertPKIProvider.
When launched, the malware will connect back to a remote command and control server, where it will register itself with the attackers and then repeatedly connect back to the remote site for a shellcode to download. When shellcodes are downloaded, the malware will execute them to perform various malicious activities, including the deployment of Cobalt Strike beacons.
News URL
Related news
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users (source)