Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine

The Computer Emergency Response Team of Ukraine has warned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware.
Attributing the intrusions to a Russian nation-state group tracked as APT28, the agency said the attacks commence with a lure document titled "Nuclear Terrorism A Very Real Threat.rtf" that, when opened, exploits the recently disclosed vulnerability to download and execute a malware called CredoMap.
CredoMap is a .NET-based credential stealer that Google Threat Analysis Group divulged last month as having been deployed against users in Ukraine.
The malware's main purpose is to siphon data, including passwords and saved cookies, from several popular browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox.
"The target, and the involvement of APT28 (a division of Russian military intelligence), suggests that campaign is a part of the conflict in Ukraine, or at the very least linked to the foreign policy and military objectives of the Russian state."
The development comes as Ukraine continues to be a target for cyberattacks amidst the country's ongoing war with Russia, with Armageddon hackers also spotted distributing the GammaLoad.PS1 v2 malware in May 2022.
News URL
https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html