Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade

New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic (aka Red Stinger), has not only been linked to a fresh sophisticated campaign, but also to an activity cluster that first came to light in May 2016.

"While the previous targets were primarily located in the Donetsk, Luhansk, and Crimea regions, the scope has now widened to include individuals, diplomatic entities, and research organizations in Western and Central Ukraine," Russian cybersecurity firm Kaspersky said in a technical report published last week.

Bad Magic was first documented by the company in March 2023, detailing the group's use of a backdoor called PowerMagic (aka DBoxShell or GraphShell) and a modular framework dubbed CommonMagic in attacks targeting Russian-occupied territories of Ukraine. The new campaign is characterized by the use of a novel modular framework codenamed CloudWizard, which features capabilities to take screenshots, record from the microphone, log keystrokes, grab passwords, and harvest Gmail inboxes.

The initial access vector used to drop the first-stage installer is currently unknown. That said, the malware is configured to drop a Windows service ("syncobjsup.dll") and a second file ("mods.lrc"), which, in turn, contains three different modules to harvest and exfiltrate sensitive data. The information is transmitted in encrypted form to an actor-controlled cloud storage endpoint (OneDrive, Dropbox, or Google Drive). A web server is used as a fallback mechanism in the event none of the services are accessible.

Kaspersky said it identified source code overlaps between an older version of CloudWizard and another malware known as Prikormka, which was discovered by Slovak cybersecurity company ESET in 2016. The espionage campaign, monitored by ESET under the moniker Operation Groundbait, primarily singled out anti-government separatists in Donetsk and Luhansk as well as Ukrainian government officials, politicians, and journalists. Prikormka is deployed via a dropper contained within malicious email attachments and features 13 different components to harvest various kinds of data from compromised machines. Evidence gathered by ESET shows that the malware has been selectively used since at least 2008.

An Israeli-American cybersecurity firm said Monday that it uncovered a massive hacking operation, apparently led by a hacking group believed to be backed by China, that had engaged in. The group, profiled in a report this week from Israel-based ClearSky Cyber. One example is CopyKittens, a cyber espionage group with links to Iran that has been operating since at least 2013. Yaron Rosen, former head of the IDF Cyber Staff and current fellow at the ICT, shared his insights on Iran's increasingly extreme rhetoric regarding Israel.
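The report above describes a recognisable host pattern: a service DLL ("syncobjsup.dll") plus a module container ("mods.lrc"), followed by encrypted uploads to OneDrive, Dropbox or Google Drive with a web server as fallback. The following hunting helper is an added example, not code from Kaspersky, ESET or the report; it correlates those two signals per host over Sysmon-style events. The event schema, the sample events, the domain-to-provider mapping, the allow-list of processes expected to talk to those providers, and the file paths are all constructed assumptions; only the two file names and the three provider names come from the page.

```python
"""Per-host correlation of the Bad Magic / CloudWizard indicators named in the report.

Added example, not the vendors' code. Event format and sample data are constructed
to resemble Sysmon-style telemetry (file create, service install, network connect).
"""
from collections import defaultdict

# File/service names quoted in the report.
FILE_INDICATORS = {"syncobjsup.dll", "mods.lrc"}

# Assumed mapping of destination hosts to the three providers named as exfil endpoints.
CLOUD_STORAGE_DOMAINS = {
    "onedrive.live.com": "OneDrive",
    "graph.microsoft.com": "OneDrive",
    "api.dropboxapi.com": "Dropbox",
    "content.dropboxapi.com": "Dropbox",
    "www.googleapis.com": "Google Drive",
}

# Assumed allow-list: processes a defender normally expects to reach those providers.
EXPECTED_CLOUD_PROCESSES = {
    "onedrive.exe", "dropbox.exe", "googledrivefs.exe",
    "chrome.exe", "msedge.exe", "firefox.exe",
}


def _basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify_event(event):
    """Return indicator tags for one event; an empty list means nothing notable."""
    tags = []
    kind = event.get("type")
    if kind == "file_create" and _basename(event["path"]) in FILE_INDICATORS:
        tags.append("file:" + _basename(event["path"]))
    elif kind == "service_install" and _basename(event.get("service_dll", "")) in FILE_INDICATORS:
        tags.append("service:" + _basename(event["service_dll"]))
    elif kind == "network":
        provider = CLOUD_STORAGE_DOMAINS.get(event["dest_host"].lower())
        # Cloud-storage traffic is only interesting from a process that should not produce it.
        if provider and _basename(event["process"]) not in EXPECTED_CLOUD_PROCESSES:
            tags.append("exfil_channel:" + provider)
    return tags


def hunt(events):
    """Correlate tags per host.

    Returns {host: {"severity": "high"|"medium", "tags": [...]}}.
    "high": an on-disk artifact AND unexpected cloud-storage traffic on the same host.
    "medium": only one of the two. Hosts with neither are omitted.
    """
    per_host = defaultdict(list)
    for ev in events:
        for tag in classify_event(ev):
            if tag not in per_host[ev["host"]]:
                per_host[ev["host"]].append(tag)
    findings = {}
    for host, tags in per_host.items():
        has_artifact = any(t.startswith(("file:", "service:")) for t in tags)
        has_channel = any(t.startswith("exfil_channel:") for t in tags)
        findings[host] = {
            "severity": "high" if has_artifact and has_channel else "medium",
            "tags": tags,
        }
    return findings


# Constructed sample telemetry: ws01 shows the full pattern, ws02 is benign sync-client
# traffic, ws03 shows only an odd process talking to Google Drive.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "service_install", "service_dll": r"C:\Windows\System32\syncobjsup.dll"},
    {"host": "ws01", "type": "file_create", "path": r"C:\ProgramData\mods.lrc"},
    {"host": "ws01", "type": "network", "process": r"C:\Windows\System32\svchost.exe",
     "dest_host": "api.dropboxapi.com"},
    {"host": "ws02", "type": "network", "process": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe",
     "dest_host": "onedrive.live.com"},
    {"host": "ws03", "type": "network", "process": r"C:\Users\u\AppData\Local\Temp\updater.exe",
     "dest_host": "www.googleapis.com"},
]

if __name__ == "__main__":
    for host, finding in hunt(SAMPLE_EVENTS).items():
        print(host, finding["severity"], ", ".join(finding["tags"]))
```

The file-name matches are the brittle half of this rule: an operator who renames the service DLL defeats them, and the report gives only the names, not their paths. The durable half is the channel heuristic, since the report says exfiltration goes to ordinary cloud-storage endpoints; baselining which processes legitimately reach those endpoints in your environment is what makes that check useful, and a host that hits the fallback web server instead of any of the three providers would not be caught by this rule at all.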