An unnamed critical energy infrastructure facility in Ukraine was the target of a cyberattack that was successfully thwarted, according to a report released on Tuesday by the Computer Emergency Response Team of Ukraine (CERT-UA).
The agency says the intrusion began with a phishing email carrying a link to a malicious ZIP archive, which started the infection chain.
According to CERT-UA, following the link downloads a ZIP archive containing three JPG images (decoys) and a batch file named “weblinks.cmd” to the victim’s PC. CERT-UA attributed the attack to the Russian threat actor APT28, also tracked as BlueDelta, Fancy Bear, Forest Blizzard and FROZENLAKE.
Once the CMD file is executed, it opens a number of decoy web pages, drops .bat and .vbs files, and runs a VBS script that in turn launches a BAT file.
Next, the attackers run the “whoami” command and exfiltrate its output from the compromised host. In parallel, they download the TOR software and set up a hidden service to route malicious traffic through.
Persistence is maintained with a scheduled task, and remote command execution is achieved with cURL against the legitimate service webhook.site, which has recently also been linked to the threat actor Dark Pink.
The attempt failed, according to CERT-UA, because access to Mocky and to the Windows Script Host (wscript.exe) was blocked on the target. Notably, APT28 has previously been linked to the use of Mocky APIs.
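The chain described above (a batch file from a ZIP launching a VBS through wscript.exe, which launches another BAT, runs whoami, persists with a scheduled task and talks to webhook.site with cURL) is visible in process-creation telemetry. The following detection logic is an added example and is not part of the CERT-UA report or the article; it runs over constructed Sysmon-style Event ID 1 records. The script names run.vbs and stage.bat, the user name, the Temp path and the webhook.site URL are assumptions chosen for the sample, and the indicator list is drawn only from the services the article names.

```python
"""Process-creation detections for the APT28 chain CERT-UA describes.

Added example, not the report's or the article's own code. Records are
constructed to mimic Sysmon Event ID 1 fields; names and paths are assumed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumed indicator list, taken from the two legitimate relay services the
# article mentions (webhook.site for command exchange, Mocky for exfil).
SUSPECT_SERVICES = ("webhook.site", "mocky.io")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe"}
SCRIPT_EXT_RE = re.compile(r"\.(cmd|bat|vbs)\b", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(Temp|Downloads|AppData)\\", re.IGNORECASE)


@dataclass
class Alert:
    rule: str
    pid: int
    detail: str


def _image(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events: List[Dict]) -> List[Alert]:
    """Apply four rules matching the reported chain to process-creation events."""
    alerts: List[Alert] = []
    for e in events:
        img = _image(e["Image"])
        parent = _image(e["ParentImage"])
        cmdline = e["CommandLine"]
        lower = cmdline.lower()
        pid = e["ProcessId"]

        # 1. Script host spawned by another script host, running a
        #    .cmd/.bat/.vbs from a user-writable path (CMD -> VBS -> BAT).
        if (img in SCRIPT_HOSTS and parent in SCRIPT_HOSTS
                and SCRIPT_EXT_RE.search(cmdline) and USER_WRITABLE_RE.search(cmdline)):
            alerts.append(Alert("script_chain", pid, f"{parent} -> {img}: {cmdline}"))

        # 2. whoami launched by a script host: discovery feeding exfiltration.
        if img == "whoami.exe" and parent in SCRIPT_HOSTS:
            alerts.append(Alert("whoami_from_script", pid, f"parent={parent}"))

        # 3. cURL talking to a legitimate relay service abused for C2.
        if img == "curl.exe" and any(s in lower for s in SUSPECT_SERVICES):
            alerts.append(Alert("curl_to_relay_service", pid, cmdline))

        # 4. Scheduled task whose action is a script in a user-writable path.
        if (img == "schtasks.exe" and "/create" in lower
                and SCRIPT_EXT_RE.search(cmdline) and USER_WRITABLE_RE.search(cmdline)):
            alerts.append(Alert("schtasks_persistence", pid, cmdline))
    return alerts


# Constructed sample telemetry (assumed names and paths), one record per step.
SYS32 = "C:\\Windows\\System32\\"
TEMP = "C:\\Users\\op\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [
    {"ProcessId": 1001, "Image": SYS32 + "cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": 'cmd.exe /c "C:\\Users\\op\\Downloads\\weblinks.cmd"'},
    {"ProcessId": 1002, "Image": SYS32 + "wscript.exe", "ParentImage": SYS32 + "cmd.exe",
     "CommandLine": f'wscript.exe "{TEMP}run.vbs"'},
    {"ProcessId": 1003, "Image": SYS32 + "cmd.exe", "ParentImage": SYS32 + "wscript.exe",
     "CommandLine": f'cmd.exe /c "{TEMP}stage.bat"'},
    {"ProcessId": 1004, "Image": SYS32 + "whoami.exe", "ParentImage": SYS32 + "cmd.exe",
     "CommandLine": "whoami"},
    {"ProcessId": 1005, "Image": SYS32 + "curl.exe", "ParentImage": SYS32 + "cmd.exe",
     "CommandLine": "curl.exe -s https://webhook.site/00000000-0000-0000-0000-000000000000"},
    {"ProcessId": 1006, "Image": SYS32 + "schtasks.exe", "ParentImage": SYS32 + "cmd.exe",
     "CommandLine": f'schtasks /Create /SC MINUTE /MO 10 /TN Updater /TR "{TEMP}stage.bat" /F'},
    # Benign control: a service-launched script from a managed location.
    {"ProcessId": 2001, "Image": SYS32 + "cmd.exe", "ParentImage": SYS32 + "svchost.exe",
     "CommandLine": 'cmd.exe /c "C:\\ProgramData\\IT\\inventory.bat"'},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.rule}] pid={a.pid} {a.detail}")
```

Rule 1 is the behaviour that the blocked wscript.exe prevented on the target, so it doubles as a check that an application-control policy is actually in force. The whoami rule will also fire on legitimate admin scripts; tune it by parent process or by the full chain rather than disabling it.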
The finding matters in light of the ongoing phishing campaigns targeting Ukraine; some of them have been observed delivering AsyncRAT with the commercial malware obfuscator ScrubCrypt.