The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information.
Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document (Мобілізаційний реєстр.xls or Mobilization Register.xls) that, when opened, prompts the user to enable macros, leading to the deployment of IcedID.

The information-stealing malware, also known as BokBot, has followed a similar trajectory to that of TrickBot, Emotet, and ZLoader, evolving from its earlier roots as a banking trojan to a full-fledged crimeware service that facilitates the retrieval of next-stage implants such as ransomware.
The second set of targeted intrusions relates to a new threat group dubbed UAC-0097, with the email including a number of image attachments with a Content-Location header pointing to a remote server hosting a piece of JavaScript code that activates an exploit for a Zimbra cross-site scripting vulnerability (CVE-2018-6882).
In the final stage of the attack chain, the injected rogue JavaScript is used to forward victims' emails to an email address under the threat actor's control, indicating a cyber espionage campaign.
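For mail-gateway triage of the pattern described above, the following added example (not code from CERT-UA or the original article) flags image attachments whose Content-Location header, the standard MIME header name, carries an absolute http(s) URL. The sample message, host names and function names are constructed for illustration, and the check is a heuristic, since legitimate MHTML mail can also carry such headers.

```python
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Constructed sample message for illustration; not taken from the campaign.
SAMPLE = """\
From: sender@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: image/png; name="a.png"
Content-Location: https://remote.example/a.js

iVBORw0KGgo=
--b1
Content-Type: image/png; name="b.png"
Content-Location: b.png

iVBORw0KGgo=
--b1--
"""

def remote_image_locations(msg: Message) -> list[tuple[str, str]]:
    """Return (filename, url) for image parts whose Content-Location is a remote URL."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "image":
            continue
        # get_all() also catches duplicated headers on one part.
        for loc in part.get_all("Content-Location", []):
            loc = str(loc).strip()
            parsed = urlparse(loc)
            # Relative values such as "b.png" are normal; absolute URLs are the signal.
            if parsed.scheme.lower() in ("http", "https") and parsed.netloc:
                hits.append((part.get_filename() or "<unnamed>", loc))
    return hits

def scan(raw: str) -> list[tuple[str, str]]:
    """Parse a raw RFC 5322 message and return the flagged image parts."""
    return remote_image_locations(message_from_string(raw))

if __name__ == "__main__":
    for name, url in scan(SAMPLE):
        print(f"image part {name!r}: Content-Location -> {url}")
```

A hit is a reason to quarantine or inspect the message, not proof of compromise; pairing it with a check that the Zimbra server is patched for CVE-2018-6882 addresses the root cause.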
The intrusions are a continuation of malicious cyber activities targeting Ukraine since the start of the year. Recently, CERT-UA also disclosed that it had foiled a cyberattack by Russian adversaries to sabotage the operations of an unnamed energy provider in the country.
Some parts of this article are sourced from:
thehackernews.com