Security News > 2022 > May > Hackers target Russian govt with fake Windows updates pushing RATs
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.
These operations spanned between February and April 2022, coinciding with the Russian invasion of Ukraine.
The first of the four campaigns attributed to this new APT began in February 2022, mere days after the Russian invasion of Ukraine, distributing the RAT under the name "Interactive map UA.exe".
According to Malwarebytes, this campaign had a narrow targeting as most of the associated emails reached employees of the RT TV station, a state-owned Russian television network.
The third campaign spoofs Rostec, a Russian state-owned defense conglomerate, and the actors used newly registered domains like "Rostec.digital" and fake Facebook accounts to spread their malware while making it look like it comes from the known entity.
Finally, in April 2022, the Chinese hackers switched to a macro-infected Word document containing a fake job advert by Saudi Aramco, a large oil and natural gas firm.
News URL
Related news
- Andariel Hackers Target South Korean Institutes with New Dora RAT Malware (source)
- New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems (source)
- Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor (source)
- U.S. indicts Russian GRU hacker, offers $10 million reward (source)
- TeamViewer links corporate cyberattack to Russian state hackers (source)
- CloudSorcerer hackers abuse cloud services to steal Russian govt data (source)