Security News > 2024 > July > Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova
Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy.
A subsequent analysis by ESET attributed the group to information-stealing attacks aimed at government agencies in Eastern Europe and the Balkans since 2011.
Attack chains mounted by the adversary are known to leverage spear-phishing emails in order to infiltrate their targets with a main malware module known as XDDown that, in turn, drops additional plugins for gathering system information, enumerating C: drive, monitoring external drives, exfiltrating local files, and gathering passwords.
Over the past year, XDSpy has been observed targeting Russian organizations with a C#-base dropper named UTask that's responsible for downloading a core module in the form of an executable that can fetch more payloads from a command-and-control server.
The latest set of attacks entails the use of phishing emails with agreement-related lures to propagate a RAR archive file that contains a legitimate executable and a malicious DLL file.
The onset of the Russo-Ukrainian war in 2022 has witnessed a significant escalation in cyber attacks on both sides, with Russian companies compromised by DarkWatchman RAT as well as by activity clusters tracked as Core Werewolf, Hellhounds, PhantomCore, Rare Wolf, ReaverBits, and Sticky Werewolf, among others in recent months.
News URL
https://thehackernews.com/2024/07/cyber-espionage-group-xdspy-targets.html
Related news
- RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations (source)
- Australian Defence Force Private and Husband Charged with Espionage for Russia (source)
- North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (source)
- University Professors Targeted by North Korean Cyber Espionage Group (source)