Numerous military contractors are being subjected to a new highly targeted attack campaign resulting in a multi-stage infection, BleepingComputer reports.
Threat actors behind the campaign, which has a robust command-and-control infrastructure and extensively obfuscated PowerShell stagers, commence the attack with phishing emails sent to their targets' employees, with the messages including a ZIP attachment with a shortcut file that facilitates PowerShell script execution for malware deployment, according to a report from Securonix.
Several techniques have been used for obfuscating the seven-stage PowerShell execution chain, including backtick obfuscation, byte value obfuscation, IEX obfuscation, reordering/symbol obfuscation, raw compression, reordering, and string replacement, researchers added.
Moreover, various debugging and monitoring software-related processes are being scanned by the script, which also has system network adapter deactivation, Windows Firewall configuration, file deletion, and device shutdown capabilities.
However, the report showed that devices with Russian or Chinese system language are not impacted by the malware. While the new attack has not yet been attributed to a particular threat actor, such a campaign was found to resemble previous attacks by APT37, also known as Konni.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news