Malware, Vulnerability Management, Email security, Threat Management

Novel infostealer leveraged in Gamaredon attacks against Ukraine

Russia-linked hacking group Gamaredon has been targeting Ukrainian defense, government, and law enforcement agency employees in a new ongoing cyberespionage campaign leveraging an information-stealing malware, reports The Hacker News. The phishing campaign involves the delivery of malicious Microsoft Word documents that use the ongoing Russia-Ukraine war as a lure, according to a report from Cisco Talos. Opening the documents prompts the execution of template-embedded macros, which then facilitate the retrieval of RAR files containing LNK files, said researchers. The report also showed that intelligence briefings pertaining to the invasion of Ukraine have been used in the LNK files, which may lure victims into opening the shortcuts. Doing so prompts PowerShell beacon execution and ultimately results in the deployment of the information-stealing malware. "The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint," said researchers.
