Researchers Find New Malware Attacks Targeting Russian Government Entities
An unknown advanced persistent threat group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022.
The cybersecurity company attributed the attacks with low confidence to a Chinese hacking group, citing infrastructure overlaps between the RAT and the Sakula RAT malware used by a threat actor known as Deep Panda.
The attack chains, while leveraging different lures over the course of two months, all employed the same malware barring small differences in the source code.
The development once again demonstrates threat actors' capabilities to adapt and adjust their attacks to world events, using the most relevant and up-to-date lures to maximize their chances of success.
"Interestingly, the threat actor created the Facebook page in June 2021, nine months before it was used in this campaign," the researchers said.
The third iteration of the attack that followed made use of another malicious executable file - this time "Build rosteh4.exe" - in an attempt to pass off the malware as though it's from Rostec.
News URL
https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html