Russian hackers are trying out this new malware against US and European targets

silversurfer (Thread author)
A new phishing campaign from a Russian state-backed hacking group targets American and European inboxes.

A Russian government-backed hacking group is distributing a new form of trojan malware as part of a cyber espionage campaign targeting the US and Europe, according to security researchers.

Named Cannon after references in the malicious code, the malware gathers system information and takes screenshots of infected PCs and has been operating since at least late October.

The campaign has been detailed by analysts at Palo Alto Networks' Unit 42 research team, who say Cannon is just one form of malware still being actively distributed by Sofacy, their codename for Fancy Bear, the group also known as APT28, which has strong links to the Kremlin.

The new campaign begins with phishing emails which reference the recent Lion Air crash just off the coast of Indonesia. The attached Microsoft Word document is named Lion Air Boeing 737.docx and lists an author named 'Joohn'. The subject was most likely chosen simply because people open emails related to current events.

If the user opens the attachment, they're told that the document was created in an earlier version of Microsoft Word and that macros need to be enabled in order to view it. Choosing to enable macros starts the installation of the malware, but to help evade detection the malicious code isn't run until the user closes the document: the macro is tied to Word's AutoClose event, so a sandbox that opens the file, waits for activity and never closes it sees nothing.
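The close-triggered macro is the detail worth checking for when triaging a lure like this. Word keeps VBA in an OLE compound file (word/vbaProject.bin inside the OOXML zip, or the Macros storage of a legacy .doc); each module's source is a stream compressed with the MS-OVBA container format, so a grep over the raw file misses the procedure names. The block below is an added example, not code from the article or from Unit 42: it decompresses a module stream and flags any auto-run procedure (AutoOpen, AutoClose, Document_Close and friends). Pulling the stream out of the compound file is left to olefile or oletools' olevba, which do this same decompression; the two input streams here are constructed for the demo, and the lure one is hand-assembled with a real back-reference token so the copy path is exercised.

```python
import re

# Word VBA procedure names that run on document events, including the
# close-time trigger the Sofacy lure relies on.
AUTO_TRIGGERS = re.compile(
    r"^\s*(?:Private\s+|Public\s+)?Sub\s+"
    r"(AutoOpen|AutoExec|AutoClose|AutoExit|AutoNew|"
    r"Document_Open|Document_Close|Document_New)\b",
    re.IGNORECASE | re.MULTILINE,
)


def decompress_vba(data: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (the module stream format).

    Layout: a 0x01 signature byte, then chunks of up to 4096 decompressed
    bytes. Each chunk is a 2-byte header plus either raw bytes (flag bit clear)
    or token sequences: one flag byte, then 8 tokens, each a literal byte (bit 0)
    or a 2-byte LZ77-style copy token (bit 1). The offset/length split of a copy
    token depends on how much of the current chunk is already decompressed.
    """
    if not data or data[0] != 0x01:
        raise ValueError("missing MS-OVBA container signature")
    out = bytearray()
    pos = 1
    while pos + 2 <= len(data):
        header = int.from_bytes(data[pos:pos + 2], "little")
        chunk_size = (header & 0x0FFF) + 3          # includes the 2-byte header
        compressed = bool(header & 0x8000)
        chunk = data[pos + 2:pos + chunk_size]
        pos += chunk_size
        if not compressed:
            out += chunk                            # raw chunk, copied verbatim
            continue
        chunk_start = len(out)
        i = 0
        while i < len(chunk):
            flags = chunk[i]
            i += 1
            for bit in range(8):
                if i >= len(chunk):
                    break
                if not (flags >> bit) & 1:
                    out.append(chunk[i])            # literal token
                    i += 1
                    continue
                token = int.from_bytes(chunk[i:i + 2], "little")
                i += 2
                # Offset field width grows with the decompressed size: 4..12 bits.
                done = len(out) - chunk_start
                bit_count = min(12, max(4, (done - 1).bit_length()))
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                if offset > done:
                    raise ValueError("copy token points before chunk start")
                for _ in range(length):             # overlapping copies are legal
                    out.append(out[-offset])
    return bytes(out)


def compress_literal(src: bytes) -> bytes:
    """Build a valid container using literal tokens only (no back-references).

    Used here to construct test input; real encoders also emit copy tokens.
    3640 source bytes per chunk keeps body + flag bytes within the 4096 limit.
    """
    out = bytearray([0x01])
    for start in range(0, len(src), 3640):
        raw = src[start:start + 3640]
        body = bytearray()
        for i in range(0, len(raw), 8):
            body.append(0x00)                       # flag byte: 8 literals follow
            body += raw[i:i + 8]
        header = 0x8000 | 0x3000 | (len(body) + 2 - 3)
        out += header.to_bytes(2, "little") + body
    return bytes(out)


def scan_module_stream(stream: bytes) -> list:
    """Decompress one module stream and return the auto-run procedures it defines."""
    source = decompress_vba(stream).decode("latin-1")
    return AUTO_TRIGGERS.findall(source)


# Constructed sample: "Sub AutoClose()\r\nEnd Sub\r\n" in compressed form,
# hand-assembled so the second "Sub" is a 3-byte back-reference (offset 21).
SAMPLE_LURE_STREAM = bytes([
    0x01,                      # container signature
    0x1B, 0xB0,                # chunk header: compressed flag, size 0x1B + 3
    0x00, *b"Sub Auto",        # flag byte 0x00: 8 literals
    0x00, *b"Close()\r",       # flag byte 0x00: 8 literals
    0x20, *b"\nEnd ",          # flag byte 0x20: the 6th token is a copy token
    0x00, 0xA0,                # copy token: length 3, offset 21 -> "Sub"
    *b"\r\n",                  # two trailing literals
])

# Constructed benign module for comparison.
BENIGN_SRC = b'Sub Helper()\r\n    MsgBox "hello"\r\nEnd Sub\r\n'

if __name__ == "__main__":
    for name, stream in (("lure", SAMPLE_LURE_STREAM),
                         ("benign", compress_literal(BENIGN_SRC))):
        print(name, scan_module_stream(stream) or "no auto-run triggers")
```

A hit on AutoClose or Document_Close is the signal to detonate the sample with an explicit close of the document, since a sandbox run that leaves Word open will report the file as clean.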

This campaign has been spotted delivering two different but similar forms of malware. One is Zebrocy, a trojan previously observed in Russian cyber espionage operations.

The other is Cannon, and this campaign is the first time the malware has been seen. It functions in a similar way to Zebrocy, establishing communication with a command and control server which provides the malware with instructions; Unit 42 notes that Cannon does so over email (SMTP and POP3S) rather than HTTP, which makes its traffic harder to pick out as malicious.
 
