Russia-Ukraine war exploited by various APT groups

Advanced persistent threat groups El Machete, Lyceum, and SideWinder have exploited the ongoing Russian invasion of Ukraine in spearphishing campaigns targeted at organizations across various sectors around the world last month, The Hacker News reports. Check Point Research noted that different lures have been leveraged by the attackers depending on the targets and region. "Many of these lure documents utilize malicious macros or template injection to gain an initial foothold into the targeted organizations, and then launch malware attacks," said Check Point Research. Spanish-speaking APT El Machete has used macro-laced lures that facilitate the deployment of the Loki.Rat malware with keystroke, credential, and clipboard data harvesting capabilities. The report also showed that the phishing campaign of Iranian APT group Lyceum involved the delivery of messages regarding "Russian war crimes in Ukraine" that allow first-stage Golang and .NET dropper distribution. On the other hand, state-sponsored hacking group SideWinder has leveraged a document exploiting a Microsoft Office Equation Editor vulnerability for info-stealing malware spread. "This war affects multiple regions around the world and has potentially far-reaching ramifications. As a result, we can expect that APT threat actors will continue to use this crisis to conduct targeted phishing campaigns for espionage purposes," Check Point Research said.