Malware, Threat Intelligence

New Russian malware campaign sets sights on Ukrainian conscripts

Credit: Adobe Stock Images

SecurityWeek reports that Ukrainian military conscripts have been targeted with Android and Windows malware as part of a new attack campaign by the Russian cyberespionage and influence operation UNC5812.

According to a report from the Google Threat Intelligence Group, UNC5812, operating under the guise of "Civil Defense" on Telegram, distributed free software purported to locate Ukrainian military recruiters. On Android devices, the download deployed the CraxsRat backdoor, which has keystroke tracking, contact and credential exfiltration, and file and SMS management capabilities, alongside the decoy mapping app SunSpinner. Windows machines targeted by UNC5812 were instead compromised with the Pronsis Loader malware, which facilitates injection of SunSpinner and of PureStealer, malware that steals data from browsers and other apps. Aside from malware attacks, UNC5812 has also been using the Telegram channel for influence operations. "Consistent with research from EUvsDisinfo, we also continue to observe persistent efforts by pro-Russia influence actors to promote messaging undermining Ukraine’s mobilization drive," researchers said.
