Malware, Threat Management

Military contractors facing new attack campaign

Share

Numerous military contractors are being subjected to a new highly targeted attack campaign resulting in a multi-stage infection, BleepingComputer reports. Threat actors behind the campaign, which has a robust command-and-control infrastructure and extensively obfuscated PowerShell stagers, commence the attack with phishing emails sent to their targets' employees, with the messages including a ZIP attachment with a shortcut file that facilitates PowerShell script execution for malware deployment, according to a report from Securonix. Several techniques have been used for obfuscating the seven-stage PowerShell execution chain, including backtick obfuscation, byte value obfuscation, IEX obfuscation, reordering/symbol obfuscation, raw compression, reordering, and string replacement, researchers added. Moreover, various debugging and monitoring software-related processes are being scanned by the script, which also has system network adapter deactivation, Windows Firewall configuration, file deletion, and device shutdown capabilities. However, the report showed that devices with Russian or Chinese system language are not impacted by the malware. While the new attack has not yet been attributed to a particular threat actor, such a campaign was found to resemble previous attacks by APT37, also known as Konni.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.