Microsoft: Russian Hackers Used 4 New Malware in USAID Phishing

josephine

Bardzo aktywny
Zasłużony
Dołączył
14 Czerwiec 2020
Posty
3996
Reakcje/Polubienia
22132
Bleeping Computer: Microsoft: Russian Hackers Used 4 New Malware in USAID Phishing - By Lawrence Abrams - May 29, 2021

JMQC9M5.png


Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development (USAID).

Thursday night, the Microsoft Threat Intelligence Center (MSTIC) disclosed that the Russian-backed hacking group APT29, also known as Nobelium, had compromised the Contact Contact account for USAID.

Using this legitimate marketing account, the threat actors impersonated USAID in phishing emails sent to approximately 3,000 email accounts at more than 150 different organizations, including government agencies and organizations devoted to international development, humanitarian, and human rights work.

New malware used by Nobelium

In a second blog post released Friday night,
Zaloguj lub Zarejestruj się aby zobaczyć!
on four new malware families used by Nobelium in these recent attacks.

The four new families include an HTML attachment named 'EnvyScout', a downloader known as 'BoomBox,' a loader known as 'NativeZone', and a shellcode downloader and launcher named 'VaporRage.'

EnvyScout

EnvyScout is a malicious HTML/JS file attachment used in spear-phishing emails that attempts to steal the NTLM credentials of Windows accounts and drops a malicious ISO on a victim's device.

Distributed as a file named NV.html, when opened, the HTML file will attempt to load an image from a file:// URL. When doing this, Windows may send the logged-in user's Windows NTLM credentials to the remote site, which attackers can capture and brute-force to reveal the plain text password.

Read More:
Zaloguj lub Zarejestruj się aby zobaczyć!
 
Do góry