At least three different advanced persistent threat (APT) groups from across the world launched spear-phishing campaigns in mid-March 2022 using the ongoing Russo-Ukrainian war as a lure to distribute malware and steal sensitive information.
The campaigns, undertaken by El Machete, Lyceum, and SideWinder, have targeted a variety of sectors, including the energy, financial, and governmental sectors, in Nicaragua, Venezuela, Israel, Saudi Arabia, and Pakistan.
“The attackers use decoys ranging from official-looking documents to news articles or even job postings, depending on the targets and region,” Check Point Research said in a report. “Many of these lure documents utilize malicious macros or template injection to gain an initial foothold into the targeted organizations, and then launch malware attacks.”
The infection chains of El Machete, a Spanish-speaking threat actor first documented in August 2014 by Kaspersky, involve the use of macro-laced decoy documents to deploy an open-source remote access trojan called Loki.Rat that’s capable of harvesting keystrokes, credentials, and clipboard data as well as carrying out file operations and executing arbitrary commands. Read more: https://bit.ly/3NOrN3p