New SkinnyBoy malware used by Russian hackers to breach sensitive orgs

silversurfer

Level 84
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,552
Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28.

The threat actor, also known as Fancy Bear, Sednit, Sofacy, Strontium, or PwnStorm, used SkinnyBoy in attacks targeting military and government institutions earlier this year.

SkinnyBoy is intended for an intermediary stage of the attack, to collect information about the victim and to retrieve the next payload from the command and control (C2) server.

According to Cluster25 threat research company, APT28 likely started this campaign at the beginning of March, focusing on ministries of foreign affairs, embassies, defense industry, and the military sector.

Multiple victims are in the European Union but the researchers told BleepingComputer that the activity may have impacted organizations in the United States, too.

SkinnyBoy is delivered through a Microsoft Word document laced with a macro that extracts a DLL file acting as a malware downloader. [...]

EDIT: Sample #SkinnyBoy => VirusTotal
 
Last edited: