
Formbook malware spread in separate phishing campaigns


Attacks deploying the Formbook malware have been launched as part of separate phishing campaigns, according to The Hacker News.

Industrial, financial, biotechnology, retail, research, and trade entities in Russia, Belarus, and Kazakhstan have been targeted by the newly emergent ComicForm hacking operation, whose intrusions distribute malicious emails with invoice and document lures that include RR archive attachments, a report from cybersecurity firm F6 showed.

Opening such an archive leads victims to an executable spoofing a PDF, which launches a malicious DLL that executes a Formbook malware loader. Other attacks entailed phishing emails with links redirecting to bogus websites that sought to obtain targets' email addresses and credentials.

Another analysis, from the NSHC Threat Recon Team, reported that South Korean manufacturing, energy, and semiconductor firms were subjected to a spear-phishing campaign by the pro-Russian hacking group SectorJ149, also known as UAC-0050, which spread Formbook, Lumma Stealer, and Remcos RAT via a Visual Basic Script spoofing a Microsoft Cabinet archive.
