Several entirely new malware strains have been spotted

Researchers believe threat actors behind the sophisticated malware were well funded


Cybersecurity experts have sounded the alarm over a global phishing campaign that has already targeted several organizations around the world using previously unseen malware.

Researchers at security firm Mandiant have published a detailed analysis of the campaign, noting that at least fifty organizations were targeted in two separate waves in December 2020.

Of note is the fact that the attacks deployed three completely new malware strains onto their victims' computers with the help of tailored phishing lures.


“Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears experienced and well resourced,” say the researchers.

Financially motivated

The researchers believe the threat actors behind the campaign employed considerable infrastructure to conduct the attacks, including around fifty domains used to deliver the custom phishing emails.

It appears that while the campaign was global, a majority of the targets in both waves were in the US, though it also attacked organizations in EMEA (Europe, the Middle East, and Africa), Asia, and Australia regions.

The researchers note that the threat actors also invested time in tailoring their attacks so that the phishing emails looked like genuine messages from professionals their targets correspond with.


The phishing emails either contained links to a JavaScript downloader, named DOUBLEDRAG, or an Excel document with an embedded macro that downloaded an in-memory PowerShell-based dropper, named DOUBLEDROP. The dropper bundles 32- and 64-bit variants of a backdoor, dubbed DOUBLEBACK.

Mandiant also notes that the malware used in the campaign not only attempts to evade detection by deploying its payload in memory whenever possible, but is also heavily obfuscated to hinder analysis.
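As an added defender-side illustration (not code from Mandiant or the article), the following flags process-creation events that match the two delivery paths described above: an Office macro launching an encoded or in-memory PowerShell stage, and a JavaScript downloader run by the Windows script host. The event field names and sample values are constructed for the example.

```python
import re

# Constructed process-creation events; Sysmon-style field names are an assumption.
SAMPLE_EVENTS = [
    {"id": 1, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -EncodedCommand <BASE64_PLACEHOLDER>"},
    {"id": 2, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'wscript.exe "C:\Users\alice\Downloads\Invoice_2020-12.js"'},
    {"id": 3, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe Get-ChildItem C:\\Logs"},
]

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Switches and cmdlets typical of a stage that runs without touching disk.
IN_MEMORY_RE = re.compile(
    r"-enc\w*|-e\s|\biex\b|invoke-expression|frombase64string|downloadstring", re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the reasons an event resembles one of the described delivery paths."""
    parent, image = basename(event["parent_image"]), basename(event["image"])
    cmd = event.get("command_line", "")
    reasons = []
    if image in POWERSHELL and parent in OFFICE_APPS:
        reasons.append("Office application spawned PowerShell (macro dropper pattern)")
    if image in POWERSHELL and IN_MEMORY_RE.search(cmd):
        reasons.append("PowerShell encoded or in-memory execution")
    if image in SCRIPT_HOSTS and re.search(r"\.jse?\b", cmd, re.I):
        reasons.append("script host executing a .js file (JavaScript downloader pattern)")
    return reasons

def scan(events):
    """Map event id -> reasons for every event that triggers at least one rule."""
    hits = {}
    for event in events:
        reasons = classify(event)
        if reasons:
            hits[event["id"]] = reasons
    return hits

if __name__ == "__main__":
    for event_id, reasons in scan(SAMPLE_EVENTS).items():
        print(event_id, "; ".join(reasons))
```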

“Although Mandiant has no evidence about the objectives of this threat actor, their broad targeting across industries and geographies is consistent with a targeting calculus most commonly seen among financially motivated groups,” conclude the researchers.

Via BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
