Researchers Find New Malware Attacks Targeting Russian Government Entities (Security News, May 2022)
An unknown advanced persistent threat group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022.
The cybersecurity company attributed the attacks with low confidence to a Chinese hacking group, citing infrastructure overlaps between the RAT and the Sakula RAT malware used by a threat actor known as Deep Panda.
The attack chains, while leveraging different lures over the course of two months, all employed the same malware barring small differences in the source code.
The development once again demonstrates threat actors' capabilities to adapt and adjust their attacks to world events, using the most relevant and up-to-date lures to maximize their chances of success.
"Interestingly, the threat actor created the Facebook page in June 2021, nine months before it was used in this campaign," the researchers said.
The third iteration of the attack that followed made use of another malicious executable file - this time "Build rosteh4.exe" - in an attempt to pass off the malware as though it's from Rostec.
News URL: https://thehackernews.com/2022/05/researchers-find-new-malware-attacks.html