Researchers Find New Malware Attacks Targeting Russian Government Entities

An unknown advanced persistent threat group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022.
The cybersecurity company attributed the attacks with low confidence to a Chinese hacking group, citing infrastructure overlaps between the RAT and Sakula RAT malware used by a threat actor known as Deep Panda.
The attack chains, while leveraging different lures over the course of two months, all employed the same malware barring small differences in the source code.
The development once again demonstrates threat actors' capabilities to adapt and adjust their attacks to world events, using the most relevant and up-to-date lures to maximize their chances of success.
"Interestingly, the threat actor created the Facebook page in June 2021, nine months before it was used in this campaign," the researchers said.
The third iteration of the attack that followed made use of another malicious executable file - this time "Build rosteh4.exe" - in an attempt to pass off the malware as though it's from Rostec.
News URL
https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html