
Fake antivirus updates used to deploy malware in Ukraine

14 March 2023, Hi-network.com

Ukraine's Computer Emergency Response Team (CERT-UA) warned that threat actors are using fake Windows antivirus updates to install Cobalt Strike and other malware in Ukraine. The phishing emails, which impersonate Ukrainian government agencies, propose a way to increase network security and advise recipients to download BitdefenderWindowsUpdatePackage.exe, falsely dubbed a 'critical security update'.

When executed, the malware downloads and installs a Cobalt Strike beacon. The malware also downloads a Go downloader (dropper.exe), which then decodes and executes a secondary file (java-sdk.exe). This secondary file modifies the registry of the infected system to establish persistence and downloads two additional payloads, the GraphSteel backdoor (microsoft-cortana.exe) and the GrimPlant backdoor (oracle-java.exe).

CERT-UA attributes the malicious activity, with medium confidence, to the UAC-0056 group, also known as 'Lorec53', a sophisticated Russian-speaking threat group.
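For defenders, the infection chain described above can be turned into a simple triage pass over process-creation telemetry. The following is an added example, not code from CERT-UA or the article; the event tuples, host names and directory paths are constructed assumptions, and only the file names come from the report.

```python
import ntpath
from collections import defaultdict

# File names reported in the article, mapped to the stage they represent.
STAGES = {
    "bitdefenderwindowsupdatepackage.exe": "lure",
    "dropper.exe": "go_downloader",
    "java-sdk.exe": "second_stage",
    "microsoft-cortana.exe": "graphsteel",
    "oracle-java.exe": "grimplant",
}

# Constructed sample events (host, parent image, child image); hosts and
# directory paths are illustrative assumptions, not values from the report.
T = r"C:\Users\a\AppData\Local\Temp"
SAMPLE_EVENTS = [
    ("ws-01", r"C:\Windows\explorer.exe", T + r"\BitdefenderWindowsUpdatePackage.exe"),
    ("ws-01", T + r"\BitdefenderWindowsUpdatePackage.exe", T + r"\dropper.exe"),
    ("ws-01", T + r"\dropper.exe", T + r"\JAVA-SDK.EXE"),
    ("ws-01", T + r"\java-sdk.exe", T + r"\oracle-java.exe"),
    ("ws-02", r"C:\Windows\explorer.exe", r"C:\Tools\dropper.exe"),
    ("ws-03", r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe"),
]

def basename(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def triage(events):
    """Return {host: {"stages": set, "chain": bool, "severity": str}}."""
    seen = defaultdict(lambda: {"stages": set(), "chain": False})
    for host, parent, child in events:
        p, c = basename(parent), basename(child)
        for name in (p, c):
            if name in STAGES:
                seen[host]["stages"].add(STAGES[name])
        # The one parent/child link the article states explicitly.
        if p == "dropper.exe" and c == "java-sdk.exe":
            seen[host]["chain"] = True
    report = {}
    for host, info in seen.items():
        # A lone generic name such as dropper.exe is weak evidence on its own.
        high = info["chain"] or len(info["stages"]) >= 2
        report[host] = {**info, "severity": "high" if high else "review"}
    return report

if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, info["severity"], sorted(info["stages"]), "chain=%s" % info["chain"])
```

File names are trivial to change, so a match here is a lead for investigation rather than a verdict, and the absence of a match does not clear a host.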
