‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems
2021-12-16 18:36

Kaspersky researchers said in a Thursday report that from Jan. 20 to Nov. 10, the actors behind the vast campaign were targeting government organizations and industrial control systems across a range of industries, including engineering, building automation, energy, manufacturing, construction, utilities and water management.

The operators behind PseudoManuscrypt are using fake pirated software installer archives to initially download the spyware onto targets' systems.

"Such a large number of attacked systems is not characteristic of the Lazarus group or APT attacks as a whole," researchers noted.

The PseudoManuscrypt campaign attacks what they called "a significant number of industrial and government organizations, including enterprises in the military-industrial complex and research laboratories."

The PseudoManuscrypt malware loads its payload from the system registry and decrypts it, researchers explained, with the payload using a registry location that's unique to each infected system.

Kaspersky said that it can't say for sure whether the PseudoManuscrypt campaign is "pursuing criminal mercenary goals or goals correlating with some governments' interests." Nevertheless, "the fact that attacked systems include computers of high-profile organizations in different countries makes us assess the threat level as high," researchers said.


News URL

https://threatpost.com/pseudomanuscrypt-mass-spyware-campaign/177097/