Security News > 2023 > March > New 'Bad Magic' Cyber Threat Disrupts Ukraine's Key Sectors Amid War
Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic.
"Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods," Kaspersky said in a new report.
Attack chains entail the use of booby-trapped URLS pointing to a ZIP archive hosted on a malicious web server.
The file, when opened, contains a decoy document and a malicious LNK file that culminates in the deployment of a backdoor named PowerMagic.
PowerMagic also serves as a conduit to deliver the CommonMagic framework, a set of executable modules that are designed to carry out specific tasks such as interacting with the command-and-control server, encrypting and decrypting C2 traffic, and executing plugins.
Kaspersky said it found no evidence linking the operation and its tooling to any known threat actor or group.
News URL
https://thehackernews.com/2023/03/new-bad-magic-cyber-threat-disrupt.html