Posts

Showing posts with the label APT Group

APT Pakistani Hackers Attack Indian Financial Institutions To Exfiltrate the Sensitive Data With Crimson RAT

Researchers uncovered a new wave of an APT campaign that targets Indian financial institutions with the powerful Crimson RAT to compromise network devices and exfiltrate sensitive data. Crimson RAT was first observed in 2016, when it targeted Indian diplomatic and military resources as part of an APT attack; since then, threat actors have continuously targeted the financial, healthcare, and space technology sectors. The recently observed campaign has specifically targeted Indian financial institutions with spear-phishing emails.

Crimson RAT Infection Process

The phishing email campaign carries a malicious attachment, and the email is sent to a targeted organization in two different ways. In the first method, a malformed email hits the target with a malicious link that points to a PE (executable) file containing two ZIP files with an embedded document. Once the victim executes the payload, it automatically checks the OS version of the ...

Again using Weaponized Word Documents, Russian APT Hackers Group Attack Government and Military Network

Researchers discovered new malicious activity by Russian APT hackers attacking government and military officials in Ukrainian entities. The attackers' targets are not limited to these; they also infect various individuals who are part of the government and law enforcement, journalists, diplomats, NGOs, and the Ministry of Foreign Affairs. Researchers believe the campaign is attributed to Gamaredon activity, in which the attackers use a Dynamic Domain Name Server as the C2 server, VBA macros, and VBA script as part of the attack. The threat actors use weaponized DOCX files for intelligence collection on the target, distributed via spearphishing emails. Gamaredon uses weaponized documents, sometimes retrieved from legitimate sources, as the initial infection vector. Researchers observed a malicious sample that reveals APT activity from at least September 2019 to November 25, 2019.

Malware Infection Process

Researchers observed some of the lure do...