The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT.
The malspam messages have the topic “Free primary legal aid” use a password-protected attachment “Algorithm of actions of members of the family of a missing serviceman LegalAid.rar.”
The RAR archive analyzed by the Ukrainian CERT-UA contains the document “Algorithm_LegalAid.xlsm.” Upon opening the document and enabling the macro, a PowerShell command will be executed. The script will download and run the .NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.
“Based on the email addresses of e-mail recipients, as well as the domain management DarkCrystal RAT, we assume that the attack is aimed at operators and telecommunications providers of Ukraine. During the previous attack, on June 10, 2022, media organizations of Ukraine ( CERT-UA # 4797 ) were the objects of interest of malefactors.” states the alert published by CERT-UA.
The report also includes indicators of compromise for this threat.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, RAT)
[adrotate banner=”5″]
[adrotate banner=”13″]
Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…
ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its…
Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…
Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…
GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a…
This website uses cookies.
