Security News > 2022 > April > Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware

At least three different advanced persistent threat groups from across the world have launched spear-phishing campaigns in mid-March 2022 using the ongoing Russo-Ukrainian war as a lure to distribute malware and steal sensitive information.

"Many of these lure documents utilize malicious macros or template injection to gain an initial foothold into the targeted organizations, and then launch malware attacks."

The infection chains of El Machete, a Spanish-speaking threat actor first documented in August 2014 by Kaspersky, involve the use of macro-laced decoy documents to deploy an open-source remote access trojan called Loki.Rat that's capable of harvesting keystrokes, credentials, and clipboard data as well as carrying out file operations and executing arbitrary commands.

The attack sequence, in this case, employs a weaponized document that exploits the Equation Editor flaw in Microsoft Office to distribute information stealing malware.

The findings echo similar warnings from Google's Threat Analysis Group, which disclosed that nation-state-backed threat groups from Iran, China, North Korea, and Russia and numerous other criminal and financially motivated actors are leveraging war-related themes in phishing campaigns, online extortion attempts, and other malicious activities.

"This war affects multiple regions around the world and has potentially far-reaching ramifications. As a result, we can expect that APT threat actors will continue to use this crisis to conduct targeted phishing campaigns for espionage purposes."

News URL

https://thehackernews.com/2022/04/multiple-hacker-groups-capitalizing-on.html