Researchers Find New Malware Attacks Targeting Russian Government Entities
An unknown advanced persistent threat group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022.
The cybersecurity company attributed the attacks with low confidence to a Chinese hacking group, citing infrastructure overlaps between the RAT and the Sakula RAT malware used by a threat actor known as Deep Panda.
The attack chains, while leveraging different lures over the course of two months, all employed the same malware barring small differences in the source code.
The development once again demonstrates threat actors' capabilities to adapt and adjust their attacks to world events, using the most relevant and up-to-date lures to maximize their chances of success.
"Interestingly, the threat actor created the Facebook page in June 2021, nine months before it was used in this campaign," the researchers said.
The third iteration of the attack that followed made use of another malicious executable file - this time "Build rosteh4.exe" - in an attempt to pass off the malware as though it's from Rostec.
News URL
https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html