Hackers are targeting Russian government agencies with phishing emails posing as Windows Updates to trick victims into installing a Remote Access Tool (RAT). The attack, from a previously unknown APT group, ran from February to April 2022, targeting installations of RATs for subsequent espionage. The APT group’s first wave of attacks began in February, with attackers spreading RAT tools under the name interactive_map_UA.exe. The second wave of attacks sent tar.gz archives in the name of fixing the just-disclosed Log4Shell vulnerability, emailed primarily to RT employees, and containing warnings not to open suspicious emails. The third wave of attacks disguised itself as the defense company Russian Federation Technology and Industry. The fourth wave of attacks impersonated oil giant Saudi Aramco’s job advertisements, attached as Word documents but containing macro viruses.
This article is reprinted from: https://www.solidot.org/story?sid=71639
This site is for inclusion only, and the copyright belongs to the original author.