Hackers target Russian govt with fake Windows updates pushing RATs
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.
These operations ran from February to April 2022, coinciding with the Russian invasion of Ukraine.
The first of the four campaigns attributed to this new APT began in February 2022, mere days after the Russian invasion of Ukraine, distributing the RAT under the name "Interactive map UA.exe".
According to Malwarebytes, this campaign was narrowly targeted, as most of the associated emails reached employees of the RT TV station, a state-owned Russian television network.
The third campaign spoofs Rostec, a Russian state-owned defense conglomerate, and the actors used newly registered domains like "Rostec.digital" and fake Facebook accounts to spread their malware while making it appear to come from the known entity.
Finally, in April 2022, the Chinese hackers switched to a macro-infected Word document containing a fake job advert by Saudi Aramco, a large oil and natural gas firm.