The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information.
Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document (Мобілізаційний реєстр.xls or Mobilization Register.xls) that, when opened, prompts the users to enable macros, leading to the deployment of IcedID.
The information-stealing malware, also known as BokBot, has followed a similar trajectory to that of TrickBot, Emotet, and ZLoader, evolving from its earlier roots as a banking trojan to a full-fledged crimeware service that facilitates the retrieval of next-stage implants such as ransomware.
The second set of targeted intrusions relates to a new threat group dubbed UAC-0097, with the email including a number of image attachments with a Content-Location header pointing to a remote server hosting a piece of JavaScript code that activates an exploit for a Zimbra cross-site scripting vulnerability (CVE-2018-6882).
In the final stage of the attack chain, the injected rogue JavaScript is used to forward victims’ emails to an email address under the threat actor’s control, indicating a cyber espionage campaign.
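A mail-gateway style check for the delivery pattern described above, as an added example that is not from CERT-UA or the original article: it flags image parts whose Content-Location header names a remote URL. The sample message, the `suspicious_content_locations` name and the markup-character heuristic are assumptions made for illustration.

```python
import email
from email import policy

# Constructed sample message (not taken from the campaign): one image part with
# a relative Content-Location and one whose Content-Location names a remote host.
SAMPLE_EML = b"""\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: image/png; name="logo.png"
Content-Disposition: attachment; filename="logo.png"
Content-Location: logo.png
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1
Content-Type: image/jpeg; name="photo.jpg"
Content-Disposition: attachment; filename="photo.jpg"
Content-Location: http://remote.example.invalid/x.js
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRg==
--b1--
"""

MARKUP_CHARS = set("<>\"'`")  # assumption: never expected in a Content-Location URI
REMOTE_PREFIXES = ("http://", "https://", "ftp://", "//")

def suspicious_content_locations(raw_bytes):
    """Return (filename, header value, reason) for each flagged image part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "image":
            continue
        value = str(part.get("Content-Location", "")).strip()
        if MARKUP_CHARS & set(value):
            findings.append((part.get_filename(), value, "markup characters"))
        elif value.lower().startswith(REMOTE_PREFIXES):
            findings.append((part.get_filename(), value, "remote URL"))
    return findings
```
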
The intrusions are a continuation of malicious cyber activities targeting Ukraine since the start of the year. Recently, CERT-UA also disclosed that it had foiled a cyberattack by Russian adversaries to sabotage the operations of an unnamed energy provider in the country.
Some parts of this article are sourced from:
thehackernews.com