Home Hacker Ukrainian Army Focused in Phishing Marketing campaign Leveraging Drone Manuals

Ukrainian Army Focused in Phishing Marketing campaign Leveraging Drone Manuals

0
Ukrainian Army Focused in Phishing Marketing campaign Leveraging Drone Manuals

Sep 25, 2023THNCyber Assault / Phishing

Phishing Campaign

Ukrainian navy entities are the goal of a phishing marketing campaign that leverages drone manuals as lures to ship a Go-based open-source post-exploitation toolkit referred to as Merlin.

“Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service manuals have begun to surface,” Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov stated in a report shared with The Hacker Information.

The cybersecurity firm is monitoring the marketing campaign underneath the title STARK#VORTEX.

The place to begin of the assault is a Microsoft Compiled HTML Assist (CHM) file that, when opened, runs malicious JavaScript embedded inside one of many HTML pages to execute PowerShell code designed to contact a distant server to fetch an obfuscated binary.

Cybersecurity

The Home windows-based payload is decoded to extract the Merlin Agentwhich, in flip, is configured to speak with a command-and-control (C2) server for post-exploitation actions, successfully seizing management over the host.

“While the attack chain is quite simple, the attackers leveraged some pretty complex TTPs and obfuscation methods in order to evade detection,” the researchers stated.

That is the primary time Ukrainian authorities organizations have been focused utilizing Merlin. In early August 2023, the Pc Emergency Response Staff of Ukraine (CERT-UA) disclosed the same assault chain that employs CHM information as decoys to contaminate the computer systems with the open-source device.

Phishing Campaign

CERT-UA attributed the intrusions to a menace actor it screens underneath the title UAC-0154.

“Files and documents used in the attack chain are very capable of bypassing defenses,” the researchers defined.

UPCOMING WEBINAR

Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

Able to deal with new AI-driven cybersecurity challenges? Be part of our insightful webinar with Zscaler to deal with the rising menace of generative AI in cybersecurity.

Supercharge Your Skills

“Typically receiving a Microsoft help file over the internet would be considered unusual. However, the attackers framed the lure documents to appear as something an unsuspecting victim might expect to appear in a help-themed document or file.”

The event arrives weeks after the CERT-UA said it detected an unsuccessful cyber assault in opposition to an unnamed important vitality infrastructure facility within the nation undertaken by the Russian state-sponsored crew referred to as APT28.

Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.


Author: information@thehackernews.com (The Hacker Information)
Date: 2023-09-25 09:05:00

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here