Security News > 2023 > May > Sophisticated DownEx Malware Campaign Targeting Central Asian Governments

Government organizations in Central Asia are the target of a sophisticated espionage campaign that leverages a previously undocumented strain of malware dubbed DownEx.

The Romanian cybersecurity firm said it first detected the malware in a highly targeted attack aimed at foreign government institutions in Kazakhstan in late 2022.

The initial intrusion vector for the campaign is suspected to be a spear-phishing email bearing a booby-trapped payload, which is a loader executable that masquerades as a Microsoft Word file.

The HTA file, for its part, is designed to establish contact with a remote command-and-control server to retrieve a next-stage payload. While the exact nature of the malware is not unknown, it's said to be a backdoor to establish persistence.

Two C/C++-based binaries to enumerate all the resources on a network, A Python script to establish an infinite communication loop with the C2 server and receive instructions to steal files with certain extensions, delete files created by other malware, and capture screenshots, and.

A C++-based malware that's chiefly designed to exfiltrate files to the C2 server.

News URL

https://thehackernews.com/2023/05/sophisticated-downex-malware-campaign.html