Security News > 2023 > August > Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks
The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29.
"The threat actor used Zulip - an open-source chat application - for command-and-control, to evade and hide its activities behind legitimate web traffic," Dutch cybersecurity company EclecticIQ said in an analysis last week.
Should a potential target succumb to the phishing trap by opening the PDF file, a malicious HTML dropper called Invitation Farewell DE EMB is launched to execute JavaScript that drops a ZIP archive file, which, in turn, packs in an HTML Application file designed to deploy the Duke malware.
The development comes as the Computer Emergency Response Team of Ukraine warned of a new set of phishing attacks against state organizations of Ukraine using a Go-based open-source post-exploitation toolkit called Merlin.
"The capture of devices on the battlefield, their detailed examination, and the use of available access, and software became the primary vector for the initial access and malware distribution," the security agency said.
Some of the malware strains include NETD to ensure persistence, DROPBEAR to establish remote access, STL to gather data from the Starlink satellite system, DEBLIND to exfiltrate data, the Mirai botnet malware.
News URL
https://thehackernews.com/2023/08/russian-hackers-use-zulip-chat-app-for.html
Related news
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Europol Shuts Down iServer Phishing Scheme and Ghost Cybercrime Chat Platform (source)
- Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)