Kaspersky detected malware attacking Crimea and Donbass
Sources at Kaspersky Lab reported the discovery of new malware called CommonMagic, which, according to preliminary information, is used by hackers to attack Donbass and Crimea. According to cyber security experts, the cyber espionage campaign in these regions began as early as 2021 and targets government, agricultural and transportation organizations.
According to RBC, the attack begins with targeted phishing emails sent to victims in the name of government agencies. These emails contain a link to a ZIP archive for download, which contains two files: a harmless decoy document and a malicious LNK file with a double extension. When the shortcut is clicked, the PowerMagic backdoor penetrates the victim’s device, opens a remote folder in the public cloud and executes commands, after which it uploads the results back to the cloud. PowerMagic infiltrates the system and remains there even after the infected device is rebooted.
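A mail gateway or triage script can flag the archive layout described above before a user opens it. The following is an added example, not code from Kaspersky or RBC: the function names, the list of decoy extensions and the member names in the sample archive are all constructed assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions a lure commonly imitates. This list is an assumption; tune it locally.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt", ".jpg", ".png"}


def find_double_extension_lnk(zip_bytes):
    """Return archive members that are shortcuts named to look like documents."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Use only the final path component; Windows drops trailing dots
            # and spaces from file names, so strip them before comparing.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            # Flag "<name>.<document ext>.lnk", the double-extension pattern.
            if len(suffixes) >= 2 and suffixes[-1] == ".lnk" and suffixes[-2] in DECOY_EXTS:
                hits.append(info.filename)
    return hits


def build_sample_zip(names=("order.pdf", "attachment.pdf.lnk", "notes/readme.txt")):
    """Build a constructed in-memory archive; contents are inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in names:
            zf.writestr(member, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in find_double_extension_lnk(build_sample_zip()):
        print("suspicious member:", member)
```

The check inspects only member names, so it works on archives that are not extracted; a plain `.lnk` without a document-like inner extension is deliberately left to other rules.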
A notable feature of this campaign is the use of cloud storage as command-and-control infrastructure. Kaspersky Lab experts note that this threat must be investigated further and that the fight against it must continue.