The Computer Emergency Response Team of Ukraine (CERT-UA) has identified Russian state-sponsored hacking group Armageddon, also known as Gamaredon, as launching two separate phishing campaigns targeted at Ukrainian organizations and European Union government agencies, according to BleepingComputer.
CERT-UA reported that Armageddon had targeted Ukrainian government agencies with emails regarding "Information on war criminals of the Russian Federation" that include an HTML attachment. If opened, the attachment triggers the creation and deployment of a RAR file containing a LNK file, which downloads another file, an HTA laced with VBScript code and carrying a PowerShell script that then facilitates retrieval of the final payload.
Meanwhile, the EU-targeting campaign involved the delivery of "Assistance" and "Necessary_military_assistance" RAR archive attachments containing LNK files that trigger an infection chain similar to the one used in the Ukraine-targeted campaign.
The Latvian government has received at least one of the emails, but more European governments are being targeted, CERT-UA said.
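Both campaigns arrive as an email attachment (an HTML file in one, a RAR archive in the other), so a mail-gateway triage step can flag them by content rather than by file extension. The following is an added example, not code from CERT-UA or the article; the function names, the sample message, the `.dat` filename and the placeholder archive bytes are all constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shared prefix of the RAR4 (Rar!\x1a\x07\x00) and RAR5 (Rar!\x1a\x07\x01\x00) signatures.
RAR_MAGIC = b"Rar!\x1a\x07"


def triage(raw: bytes) -> list:
    """Return (filename, reason) pairs for attachments matching the reported lures."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Lure 1: an HTML file sent as an attachment rather than as the body.
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            findings.append((name, "html-attachment"))
        # Lure 2: a RAR archive, identified by magic bytes so a renamed file still matches.
        if data.startswith(RAR_MAGIC):
            findings.append((name, "rar-archive"))
            # Heuristic: entry names are stored uncompressed in RAR headers unless
            # header encryption is used, so a raw byte search can reveal a .lnk member.
            if b".lnk" in data.lower():
                findings.append((name, "rar-lists-lnk"))
    return findings


def build_sample() -> bytes:
    """Constructed message: an HTML attachment plus RAR-like bytes under a neutral extension."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment("<html><body>lure</body></html>", subtype="html", filename="info.htm")
    # Placeholder bytes, not a valid archive: signature, padding, one entry name.
    fake_rar = RAR_MAGIC + b"\x00" * 17 + b"report.pdf.lnk" + b"\x00" * 8
    msg.add_attachment(fake_rar, maintype="application", subtype="octet-stream",
                       filename="Assistance.dat")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in triage(build_sample()):
        print(f"{name}: {reason}")
```

An archive with encrypted headers hides its entry names, so it yields only the `rar-archive` finding and needs sandbox or manual review.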