Threat Intelligence, Phishing

New phishing campaign targets Ukrainian military

Threat actors have targeted Ukrainian military organizations with a new STARK#VORTEX phishing campaign deploying the Merlin post-exploitation toolkit through malicious files purporting to be service manuals for unmanned aerial vehicles or drones, reports The Hacker News. Attacks commenced with the delivery of a Microsoft Compiled HTML Help file, which facilitates malicious JavaScript and PowerShell code execution, as well as extraction of the Merlin Agent for post-exploitation activities, according to a report from Securonix. Sophisticated tactics, techniques, and procedures, as well as obfuscation approaches, have also been utilized by attackers to bypass security systems, said researchers. "Typically receiving a Microsoft help file over the internet would be considered unusual. However, the attackers framed the lure documents to appear as something an unsuspecting victim might expect to appear in a help-themed document or file," researchers added. Ukrainian government entities were previously reported by the country's Computer Emergency Response Team to have been targeted by a similar attack chain using Merlin, which has been attributed to the UAC-0154 operation.
