Russia-linked hacking group Gamaredon has been targeting employees of Ukrainian defense, government, and law enforcement agencies in a new ongoing cyberespionage campaign leveraging information-stealing malware, reports The Hacker News.
The phishing campaign involves the delivery of malicious Microsoft Word documents that use the ongoing Russia-Ukraine war as a lure, according to a report from Cisco Talos. Opening the documents would prompt the execution of template-embedded macros that would then facilitate the retrieval of RAR archives containing LNK files, said researchers.
The report also showed that intelligence briefings pertaining to the invasion of Ukraine have been used in the LNK files, which may lure victims into opening shortcuts that then prompt PowerShell beacon execution before finally resulting in the deployment of the information-stealing malware.
"The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint," said researchers.
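For mail-gateway or inbox triage of the first stage described above, the following added example (not code from the Talos report or The Hacker News) lists the templates a Word OOXML document attaches and flags any that resolve to a network location. It assumes the macro-bearing template is referenced through the standard `attachedTemplate` relationship and fetched remotely, which the summary does not spell out; the sample documents and the URL are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
TEMPLATE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                 "relationships/attachedTemplate")

def attached_templates(docx_bytes):
    """Return [(target, is_remote)] for each template an OOXML document attaches."""
    if not zipfile.is_zipfile(io.BytesIO(docx_bytes)):
        raise ValueError("not an OOXML (zip) container; triage it another way")
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            # Untrusted XML: a production scanner should parse with defusedxml.
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % PKG_NS):
                if rel.get("Type") != TEMPLATE_TYPE:
                    continue
                target = rel.get("Target", "")
                # Local templates use file:/// paths; flag network locations.
                remote = (urlsplit(target).scheme.lower() in {"http", "https", "ftp"}
                          or target.startswith("\\\\"))
                found.append((target, remote))
    return found

def build_sample(target=None):
    """Constructed sample: a zip holding only the settings relationships part."""
    rel = ""
    if target is not None:
        rel = ('<Relationship Id="rId1" Type="%s" Target="%s" '
               'TargetMode="External"/>' % (TEMPLATE_TYPE, target))
    xml = '<Relationships xmlns="%s">%s</Relationships>' % (PKG_NS, rel)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/settings.xml.rels", xml)
    return buf.getvalue()

REMOTE = "http://templates.example.invalid/briefing.dotm"   # constructed URL
LOCAL = "file:///C:/Users/analyst/AppData/Roaming/Microsoft/Templates/Normal.dotm"

if __name__ == "__main__":
    for label, target in (("remote", REMOTE), ("local", LOCAL), ("none", None)):
        print(label, attached_templates(build_sample(target)))
```

A remote hit is a reason to quarantine the message and inspect the template itself, not proof of compromise, since some organizations host legitimate templates on internal web or file servers.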
ReversingLabs researchers discovered that legitimate CSS-based software library Material Tailwind has been impersonated by a malicious NPM package, indicating continued malware distribution efforts in open source software repositories, The Hacker News reports.