EastWind Spear-Phishing Storm: Russian IT Under Siege by Sneaky Trojans and Backdoors
EastWind campaign targets Russian IT with backdoors and trojans via spear-phishing. Malicious LNK files exploit DLL side-loading, deploying malware like GrewApacha and CloudSorcerer. New implant PlugY supports multiple communication protocols. Kaspersky highlights the use of popular services for command servers and a watering hole attack…

Hot Take:
Looks like the Russians just took a vacation to the malware-filled coast of EastWind. They might need a bigger umbrella for all this cyber-rain!
Key Points:
- EastWind spear-phishing campaign targets Russian government and IT organizations.
- Attack chain initiated via RAR archive with LNK file, leading to malware deployment.
- Malware includes GrewApacha, updated CloudSorcerer, and new implant PlugY.
- Malware uses DLL side-loading and Dropbox for communication and payload delivery.
- CMoon worm linked to watering hole attack, targeting gas supply site in Russia.