The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks aimed at organizations in the country using the topic “Azovstal”.
The phishing message use the subject “Azovstal” and a weaponized office document. Upon opening the attachment and enabling the macro, it will start the infection process. The malicious code will download, create on disk and run the malicious DLL “pe.dll”.
The last stage malware installed on the infected systems is a Cobalt Strike Beacon that allows attackers to take over them.
The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot.
Since February the notorious cybercrime operation Trickbot is controlled by Conti ransomware, the ransomware gang that publicly announced its support to Russia after the invasion of Ukraine by Russian cyber militaries.
The alert published by the Ukraine CERT-UA includes Indicators of Compromise (IoCs) for this campaign and recommendations.
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Ukraine)
[adrotate banner=”5″]
[adrotate banner=”13″]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.