Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic.
"Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods," Kaspersky said in a new report.
The Russian cybersecurity company, which detected the attacks in October 2022, is tracking the activity cluster under the name "Bad Magic."
Attack chains entail the use of booby-trapped URLs pointing to a ZIP archive hosted on a malicious web server. The archive contains a decoy document and a malicious LNK file; opening the shortcut starts a chain that culminates in the deployment of a backdoor named PowerMagic.
Written in PowerShell, PowerMagic establishes contact with a remote server and executes arbitrary commands, the results of which are exfiltrated to cloud services such as Dropbox and Microsoft OneDrive. Routing command-and-control and exfiltration through legitimate cloud storage lets the traffic blend in with ordinary HTTPS to well-known domains, which is why the process making the connection, rather than the destination alone, is the useful signal for defenders.
PowerMagic also serves as a conduit to deliver the CommonMagic framework, a set of executable modules designed to carry out specific tasks such as interacting with the command-and-control (C2) server, encrypting and decrypting C2 traffic, and executing plugins.
Two of the plugins discovered so far come with capabilities to capture screenshots every three seconds and gather files of interest from connected USB devices.
Kaspersky said it found no evidence linking the operation and its tooling to any known threat actor or group.
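The decoy-document-plus-shortcut lure described above is a shape a mail gateway or sandbox can check for before any shortcut is ever clicked. The script below is an added example, not code from Kaspersky's report or from The Hacker News: it opens a ZIP in memory, identifies shortcut files by their ShellLinkHeader rather than by extension, walks the MS-SHLLINK StringData to recover the relative path and command-line arguments, and flags the archive when a document sits beside a shortcut that launches a scripting host. The archive and the LNK inside it are constructed for the example (the LNK carries only the structures needed to show the parse; real samples also carry LinkInfo and extra data blocks), and the token list is an assumption to tune for your environment.

```python
"""Triage a ZIP lure for the decoy-document-plus-LNK pattern.

Added example, not code from Kaspersky or The Hacker News.  The archive and
the LNK inside it are constructed below; the LNK layout follows MS-SHLLINK
but only carries the structures needed to demonstrate the parse.
"""
import io
import struct
import zipfile

# ShellLinkHeader constants (MS-SHLLINK section 2.1).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
# StringData order is fixed by the spec; an entry is present only if its flag is set.
STRING_DATA = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
               (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"), (HAS_ICON, "icon"))

DOC_EXTS = (".doc", ".docx", ".pdf", ".rtf", ".xls", ".xlsx")
# Launcher tokens to flag; chosen for this example, tune for your environment.
SUSPICIOUS_TOKENS = ("powershell", "pwsh", "-enc", "-w hidden", "-nop", "iex", "downloadstring")


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with a valid ShellLinkHeader (never trust the extension)."""
    return (len(data) >= LNK_HEADER_SIZE
            and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE
            and data[4:20] == LNK_CLSID)


def lnk_strings(data: bytes) -> dict:
    """Skip LinkTargetIDList/LinkInfo and return the StringData fields that are present."""
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_IDLIST:      # IDListSize (u16) followed by that many bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:    # LinkInfoSize (u32) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, enc = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    out = {}
    for flag, key in STRING_DATA:
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
            pos += 2
            out[key] = data[pos:pos + count * width].decode(enc, "replace")
            pos += count * width
    return out


def triage_zip(blob: bytes) -> dict:
    """Report decoys, shortcuts, and whether the archive matches the lure shape."""
    report = {"decoys": [], "lnks": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if name.lower().endswith(DOC_EXTS):
                report["decoys"].append(name)
            elif is_lnk(data):
                strings = lnk_strings(data)
                haystack = " ".join(strings.values()).lower()
                hits = [t for t in SUSPICIOUS_TOKENS if t in haystack]
                report["lnks"].append({"name": name, "strings": strings, "hits": hits})
                report["suspicious"] |= bool(hits)
    # A document beside a shortcut is the lure shape the report describes.
    report["suspicious"] |= bool(report["decoys"] and report["lnks"])
    return report


def build_sample_archive() -> bytes:
    """Constructed input: a fake decoy plus a minimal LNK that launches PowerShell."""
    flags = HAS_IDLIST | HAS_RELPATH | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags)
    header += bytes(LNK_HEADER_SIZE - len(header))        # attributes, timestamps, etc. zeroed
    # LinkTargetIDList: IDListSize=6 covering one 4-byte dummy ItemID plus the 2-byte TerminalID.
    idlist = struct.pack("<HH", 6, 4) + b"\x00\x00" + b"\x00\x00"

    def sd(s: str) -> bytes:                              # one StringData entry, Unicode
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    lnk = (header + idlist
           + sd(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe")
           + sd('-w hidden -nop -c "..."'))                # placeholder arguments, not a real payload
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Decoy.docx", b"not a real document")
        zf.writestr("Decoy.docx.lnk", lnk)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_zip(build_sample_archive()))
```

Two practical notes: the check keys on the file header, so a shortcut renamed to `.pdf` is still caught, while a document named `report.docx.lnk` is counted as a shortcut, not a decoy; and because the parser only reads StringData, a shortcut whose target lives entirely in the IDList with no relative path will show up with a decoy but without token hits, which is why the decoy-plus-shortcut combination is flagged on its own.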
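Because the destinations are legitimate cloud services, a hunt for this kind of backdoor has to pivot on which process is talking to them. The script below is an added example, not part of Kaspersky's report: it runs over constructed Sysmon records (Event ID 3 network connections and Event ID 22 DNS queries, flattened to JSON with Sysmon's field names) and flags scripting hosts such as powershell.exe reaching the Dropbox or Microsoft Graph/OneDrive API domains, with a lower severity for any other process that is not a known cloud client. The domain lists and the expected-client list are assumptions to adapt to your own telemetry.

```python
"""Hunt endpoint telemetry for scripting hosts talking to consumer cloud storage.

Added example, not from Kaspersky's report.  Events are constructed Sysmon
records (Event ID 3 = network connection, Event ID 22 = DNS query) in a flat
JSON shape; the domains and expected clients are assumptions for the example.
"""
import json

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
EXPECTED_CLIENTS = {"dropbox.exe", "onedrive.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
CLOUD_DOMAINS = {
    "dropbox": ("dropboxapi.com", "dropbox.com"),
    "onedrive": ("graph.microsoft.com", "onedrive.com", "onedrive.live.com", "sharepoint.com"),
}


def classify_host(host: str):
    """Return the cloud service a host belongs to, or None (exact or subdomain match only)."""
    host = host.lower().rstrip(".")
    for service, domains in CLOUD_DOMAINS.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return service
    return None


def hunt(lines):
    """Return findings for outbound connections/DNS lookups by unexpected processes."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        eid = ev.get("EventID")
        if eid == 3 and str(ev.get("Initiated", "true")).lower() == "true":
            host = ev.get("DestinationHostname", "")   # reverse-DNS name Sysmon recorded
        elif eid == 22:
            host = ev.get("QueryName", "")             # the name the process actually asked for
        else:
            continue
        service = classify_host(host)
        if service is None:
            continue
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        if image in SCRIPT_HOSTS:
            severity = "high"          # script interpreter talking to cloud storage
        elif image not in EXPECTED_CLIENTS:
            severity = "medium"        # not a known client; review
        else:
            continue                   # sync client or browser, expected
        findings.append({"severity": severity, "image": image, "service": service,
                         "host": host, "event_id": eid, "time": ev.get("UtcTime")})
    return findings


# Constructed sample telemetry (not real logs).
_PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"EventID": 3, "UtcTime": "2022-10-03 09:14:02", "Image": _PS, "Initiated": "true",
     "DestinationHostname": "content.dropboxapi.com", "DestinationPort": 443},
    {"EventID": 22, "UtcTime": "2022-10-03 09:14:05", "Image": _PS,
     "QueryName": "graph.microsoft.com"},
    {"EventID": 3, "UtcTime": "2022-10-03 09:15:00", "Image": "C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
     "Initiated": "true", "DestinationHostname": "onedrive.live.com", "DestinationPort": 443},
    {"EventID": 3, "UtcTime": "2022-10-03 09:15:30", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "Initiated": "true", "DestinationHostname": "www.dropbox.com", "DestinationPort": 443},
    {"EventID": 3, "UtcTime": "2022-10-03 09:16:10", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "Initiated": "true", "DestinationHostname": "api.dropboxapi.com", "DestinationPort": 443},
    {"EventID": 1, "UtcTime": "2022-10-03 09:16:11", "Image": _PS, "CommandLine": "powershell.exe -nop"},
]]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f)
```

Event ID 22 is the more reliable of the two signals: Sysmon fills `DestinationHostname` by reverse lookup, which for CDN-fronted services often yields a name that is not in the list at all, whereas the DNS query records the name the process asked for. Expect `graph.microsoft.com` to be noisy for Office and Teams processes; add them to the expected-client set rather than dropping the domain.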
Some parts of this article are sourced from:
thehackernews.com