Security News > 2022 > January > Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware
Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of malicious software distribution campaigns undertaken by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish in Belgium and the U.S. Costing $250 a month, it's marketed on Russian underground forums as a traffic direction system to enable phishing redirection on a mass scale to rogue landing pages that are designed to deploy malware payloads on the targeted systems.
"Prometheus can be considered a full-bodied service/platform that allows threat groups to purvey their malware or phishing operations with ease," BlackBerry Research and Intelligence Team said in a report shared with The Hacker News.
"The main components of Prometheus include a web of malicious infrastructure, malicious email distribution, illicit file-hosting through legitimate services, traffic redirection and the ability to deliver malicious files."
Typically, the redirection is funneled from one of two main sources, namely with the help of malicious ads on legitimate websites, or via websites that have been tampered to insert malicious code.
In the case of Prometheus, the attack chain starts with a spam email containing a HTML file or a Google Docs page that, upon interaction, redirects the victim to a compromised website hosting a PHP backdoor that fingerprints the machine to determine whether the to "To serve the victim with malware or redirect them to another page that might contain a phishing scam."
"The volume of groups that are using offerings such as the Prometheus TDS, speak to the success and efficacy of these illicit infrastructure for hire services, which are in essence full-fledged enterprises that support the malicious activities of groups regardless of their size, level of resourcing or motives."
News URL
https://thehackernews.com/2022/01/russian-hackers-heavily-using-malicious.html
Related news
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Russians lure European diplomats into malware trap with wine-tasting invite (source)
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns (source)