Threat actors have targeted Ukrainian military organizations with a new STARK#VORTEX phishing campaign deploying the Merlin post-exploitation toolkit through malicious files purporting to be service manuals for unmanned aerial vehicles or drones, reports The Hacker News.
Attacks commenced with the delivery of a Microsoft Compiled HTML Help file, which facilitates malicious JavaScript and PowerShell code execution, as well as extraction of the Merlin Agent for post-exploitation activities, according to a report from Securonix.
Sophisticated tactics, techniques, and procedures, as well as obfuscation approaches, have also been utilized by attackers to bypass security systems, said researchers.
"Typically receiving a Microsoft help file over the internet would be considered unusual. However, the attackers framed the lure documents to appear as something an unsuspecting victim might expect to appear in a help-themed document or file," researchers added.
Ukrainian government entities were previously reported by the country's Computer Emergency Response Team to have been targeted by a similar attack chain using Merlin, which has been attributed to the UAC-0154 operation.