Microsoft: Russian hackers used 4 new malware in USAID phishing
Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development.
In a second blog post released Friday night, Microsoft provides details on four new malware families used by Nobelium in these recent attacks.
Microsoft is tracking the BOOM.exe file in the ISO image as 'BoomBox,' and states that it is used to download two encrypted malware files from Dropbox to the infected device.
The .dll file is tracked as a new malware loader called 'NativeZone.'
The fourth malware used in these attacks is called 'VaporRage,' and it is the CertPKIProvider.
When launched, the malware connects back to a remote command and control server, registers itself with the attackers, and then repeatedly polls the remote site for shellcode to download. When shellcode is received, the malware executes it to perform various malicious activities, including the deployment of Cobalt Strike beacons.
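The "register, then repeatedly connect back" behaviour described above leaves a regular beaconing pattern in outbound proxy or firewall logs. As an added example that is not part of the article or of Microsoft's analysis, the script below parses constructed proxy log lines (the hostnames, timestamps and log format are invented for this example) and flags source/destination pairs whose inter-request gaps are nearly constant; the jitter threshold and minimum request count are assumed tuning values, not figures from the report.

```python
"""Added example (not from the article): flag hosts whose outbound requests to a
single destination recur at near-constant intervals, the "repeatedly connect
back" pattern described for VaporRage. Log lines and hostnames are constructed."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<timestamp> <src_host> <dest_host> <method> <path>"
SAMPLE_LOG = """\
2021-05-28T09:00:00 WS-101 updates.example-vendor.test GET /catalog
2021-05-28T09:00:05 WS-101 c2.example-bad.test POST /register
2021-05-28T09:01:05 WS-101 c2.example-bad.test GET /task
2021-05-28T09:02:06 WS-101 c2.example-bad.test GET /task
2021-05-28T09:03:05 WS-101 c2.example-bad.test GET /task
2021-05-28T09:04:06 WS-101 c2.example-bad.test GET /task
2021-05-28T09:05:05 WS-101 c2.example-bad.test GET /task
2021-05-28T09:00:12 WS-202 intranet.example-corp.test GET /home
2021-05-28T09:07:40 WS-202 intranet.example-corp.test GET /news
2021-05-28T09:31:02 WS-202 intranet.example-corp.test GET /home
2021-05-28T10:15:59 WS-202 intranet.example-corp.test GET /calendar
2021-05-28T11:02:13 WS-202 intranet.example-corp.test GET /home
"""


def parse_log(text):
    """Group request timestamps by (source host, destination host)."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dest, _method, _path = line.split()
        conns[(src, dest)].append(datetime.fromisoformat(ts))
    return conns


def find_beacons(conns, min_requests=4, max_jitter=0.2):
    """Return (src, dest, mean_gap_seconds, jitter) for pairs that beacon.

    A pair is a beacon candidate when it has at least min_requests requests
    and the relative spread of the gaps between them (population standard
    deviation divided by the mean gap) is at or below max_jitter. Interactive
    browsing has irregular gaps and falls above the threshold; a sleep-loop
    implant polling its C2 falls below it.
    """
    hits = []
    for (src, dest), stamps in conns.items():
        stamps = sorted(stamps)
        if len(stamps) < min_requests:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing to measure
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append((src, dest, round(avg, 1), round(jitter, 3)))
    return hits


if __name__ == "__main__":
    for src, dest, gap, jitter in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{src} -> {dest}: every ~{gap}s (jitter {jitter})")
```

On the constructed log only WS-101 talking to c2.example-bad.test is reported (roughly every 60 seconds); WS-202's intranet browsing is too irregular. Real implants often add random sleep jitter, so in production the threshold should be tuned against a baseline of known-good traffic rather than fixed at 0.2.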