In a June 22 blog post, Deep Instinct’s Threat Research Lab said the dropper contains comments in Russian and uses the unique user-agent string “PindOS,” which potentially ties it to current and past anti-American sentiment in Russia.
IcedID has functioned as a modular banking malware that aims to steal financial information. It has been seen in the wild since at least 2017 and has recently been observed shifting some of its focus to malware delivery.
“The use of the unique user-agent string ‘PindOS’ and the presence of Russian comments in the dropper's code raise suspicions about potential connections to anti-American sentiment in Russia,” said Guenther. “And while it’s essential to consider geopolitical factors when analyzing cyber threats, attributing specific motives or affiliations solely based on these elements can be challenging.”
Wars, conflicts and political policy will always have impacts on the cybersecurity landscape and how threat actors pick their targets, but nine times out of 10, the motivation behind these cyberattacks is primarily monetary, with political messages added in as an aside or a distraction, said Zane Bond, head of product at Keeper Security.
Bond said in the digital age, organizations should proactively protect against all forms of malware and cyberthreats.
“The targets of and political messages in these attacks further prove that cybersecurity is national security and must be prioritized as such,” said Bond. “Protecting critical infrastructure and the services that people rely on from cyberattacks is as important as protecting it from physical attacks, because the consequences have the potential to be equally devastating.”