
Central Asian governments subjected to DownEx malware attacks

Central Asian government organizations have been compromised with the new DownEx malware as part of an active advanced cyberespionage campaign potentially linked to Russian state-sponsored threat actors, according to The Hacker News. Attackers have used spear-phishing emails with diplomat-themed lures that carry a loader executable disguised as a Microsoft Word file; the loader then extracts a decoy file and a malicious HTML application tasked with next-stage payload retrieval, a report from Bitdefender revealed. Aside from fetching persistence-establishing malware, the attacks have also used DownEx malware and other custom tools for post-exploitation activities. Researchers have also discovered another DownEx variant that uses VBScript instead of C++ but similarly facilitates data exfiltration and transmission. "This is a fileless attack; the DownEx script is executed in memory and never touches the disk. ... This attack highlights the sophistication of a modern cyberattack. Cybercriminals are finding new methods for making their attacks more reliable," said Bitdefender.
