• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
operation rusty flag: azerbaijan targeted in new rust based malware campaign

Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

You are here: Home / General Cyber Security News / Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign
September 19, 2023

Targets situated in Azerbaijan have been singled out as section of a new marketing campaign which is built to deploy Rust-dependent malware on compromised techniques.

Cybersecurity business Deep Instinct is tracking the procedure beneath the title Operation Rusty Flag. It has not been linked with any regarded threat actor or team.

“The operation has at minimum two distinct first access vectors,” security researchers Simon Kenin, Ron Ben Yizhak, and Mark Vaitzman reported in an examination published very last 7 days. “A person of the lures used in the operation is a modified doc that was utilised by the Storm-0978 group. This could be a deliberate ‘false flag.'”

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Cybersecurity

The attack chain leverages an LNK file named 1.KARABAKH.jpg.lnk as a launchpad to retrieve a 2nd-stage payload, an MSI installer, hosted on Dropbox.

The installer file, for its section, drops an implant written in Rust, an XML file for a scheduled undertaking to execute the implant, and a decoy image file that attributes watermarks of the symbol of the Azerbaijan Ministry of Defense.

An alternate infection vector is a Microsoft Office doc named “Overview_of_UWCs_UkraineInNATO_marketing campaign.docx,” which exploits CVE-2017-11882, a 6-12 months-previous memory corruption vulnerability in Microsoft Office’s Equation Editor, to invoke a Dropbox URL hosting a distinct MSI file serving a variant of the very same Rust backdoor.

The use of Overview_of_UWCs_UkraineInNATO_campaign.docx is noteworthy, as a entice with the exact filename was leveraged by Storm-0978 (aka RomCom, Tropical Scorpius, UNC2596, and Void Rabisu) in latest cyber attacks focusing on Ukraine that exploit an Workplace remote code execution flaw (CVE-2023-36884).

Forthcoming WEBINARIdentity is the New Endpoint: Mastering SaaS Security in the Modern day Age

Dive deep into the potential of SaaS security with Maor Bin, CEO of Adaptive Defend. Find out why identification is the new endpoint. Secure your location now.

Supercharge Your Expertise

“This action seems like a deliberate false flag attempt to pin this attack on Storm-0978,” the scientists claimed.

The Rust backdoor, one of which masquerades as “WinDefenderHealth.exe,” will come fitted with abilities to get info from the compromised host and send it to an attacker-managed server.

The exact conclusion plans of the campaign continue being unclear at this phase. At the same time, the possibility that it could be a pink team exercising has not been discounted.

“Rust is turning into much more preferred among malware authors,” the scientists stated. “Security products are not yet detecting Rust malware precisely, and the reverse engineering procedure is more sophisticated.”

Uncovered this posting exciting? Stick to us on Twitter  and LinkedIn to study far more distinctive content we submit.


Some parts of this short article are sourced from:
thehackernews.com

Previous Post: «inside the code of a new xworm variant Inside the Code of a New XWorm Variant
Next Post: ShroudedSnooper’s HTTPSnoop Backdoor Targets Middle East Telecom Companies shroudedsnooper's httpsnoop backdoor targets middle east telecom companies»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.