Security News > 2022 > May > Hackers target Russian govt with fake Windows updates pushing RATs
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.
These operations spanned between February and April 2022, coinciding with the Russian invasion of Ukraine.
The first of the four campaigns attributed to this new APT began in February 2022, mere days after the Russian invasion of Ukraine, distributing the RAT under the name "Interactive map UA.exe".
According to Malwarebytes, this campaign had a narrow targeting as most of the associated emails reached employees of the RT TV station, a state-owned Russian television network.
The third campaign spoofs Rostec, a Russian state-owned defense conglomerate, and the actors used newly registered domains like "Rostec.digital" and fake Facebook accounts to spread their malware while making it look like it comes from the known entity.
Finally, in April 2022, the Chinese hackers switched to a macro-infected Word document containing a fake job advert by Saudi Aramco, a large oil and natural gas firm.
News URL
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)