The hacking team behind a cyberattack which impacted the Winter Olympic Games is back with an updated cache of droppers and hacking tools.
This week,
researchers from Check Point said that Hades, the advanced persistence threat (APT) group believed to be behind an attack this year levied against systems used in the Winter Olympic Games, has begun a potential evolutionary shift.
"Over the last few weeks, we have noticed new activity from Hades," the researchers say. "This new wave of attack shares a lot with those previously attributed to the group but it seems that this time we are witnessing significant changes that may hint at a new evolution from the group."
A selection of new samples gathered by Check Point have revealed the refinement of macros, often embedded in malicious documents spread via phishing campaigns, which have been made more complex over time.
In the original campaign, the macros only used subtraction encoding, but now they have been improved with Hex2Text encoding and dummy functions, as well as functionality boosts in PowerShell script builders and launch processes.
