Hacking group Goffee, also known as Paper Werewolf, has targeted Russian military personnel and defense industry organizations with a malicious XLL file spreading the EchoGather backdoor as part of a cyberespionage campaign, according to The Record, a news site by cybersecurity firm Recorded Future.Malicious emails that involved either a fake concert invitation for senior military officers created with the help of AI or a fraudulent pricing justification request for state defense contracts purportedly from Russia's Ministry of Trade and Industry have been used to distribute an illicit XLL that injected EchoGather, which then exfiltrated system details and files to a food delivery site-spoofing command-and-control server, a report from Intezer showed."The threat actor appears to be actively exploring new methods to evade detection. However, there are still clear gaps in both technical execution and linguistic accuracy, indicating that their tradecraft is still developing," said Intezer researchers. The findings come after Goffee was reported by BI.ZONE and Kaspersky researchers to have exploited a WinRAR vulnerability to compromise Russian organizations and steal files via USB flash drives, respectively.
Threat Intelligence, Critical Infrastructure Security
Russian military subjected to new cyberespionage campaign

Credit: Adobe Stock Images
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



