Security News > 2022 > May > Hackers target Russian govt with fake Windows updates pushing RATs
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.
These operations spanned between February and April 2022, coinciding with the Russian invasion of Ukraine.
The first of the four campaigns attributed to this new APT began in February 2022, mere days after the Russian invasion of Ukraine, distributing the RAT under the name "Interactive map UA.exe".
According to Malwarebytes, this campaign had a narrow targeting as most of the associated emails reached employees of the RT TV station, a state-owned Russian television network.
The third campaign spoofs Rostec, a Russian state-owned defense conglomerate, and the actors used newly registered domains like "Rostec.digital" and fake Facebook accounts to spread their malware while making it look like it comes from the known entity.
Finally, in April 2022, the Chinese hackers switched to a macro-infected Word document containing a fake job advert by Saudi Aramco, a large oil and natural gas firm.
News URL
Related news
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Russian ISP confirms Ukrainian hackers "destroyed" its network (source)
- How Russian hackers went after NGOs’ WhatsApp accounts (source)
- Hackers use Windows RID hijacking to create hidden admin account (source)
- EU sanctions Russian GRU hackers for cyberattacks against Estonia (source)
- Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections (source)