
    Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

    By justmattg | September 25, 2023


    Sep 25, 2023THNCyber Attack / Phishing


    Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin.

    “Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service manuals have begun to surface,” Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.

    The cybersecurity company is tracking the campaign under the name STARK#VORTEX.

    The starting point of the attack is a Microsoft Compiled HTML Help (CHM) file that, when opened, runs malicious JavaScript embedded inside one of the HTML pages to execute PowerShell code designed to contact a remote server to fetch an obfuscated binary.
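
A defender-side check for the chain described above, added here as an example (not code from Securonix, CERT-UA or The Hacker News): CHM files open in the Windows help viewer hh.exe, so a process-creation record whose parent is hh.exe and whose child is a script host or shell is worth an alert. The events are constructed, the field names follow Sysmon process-creation events (Event ID 1), and the child-process list and path hints are assumptions.

```python
import json
import ntpath
import re

# Children a help viewer has no ordinary reason to start (assumed list).
SUSPECT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe",
                    "wscript.exe", "cscript.exe", "mshta.exe"}
# Path fragments where delivered files usually land (assumed list).
USER_WRITABLE_HINTS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = r'''
{"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe <constructed>", "ParentImage": "C:\\Windows\\hh.exe", "ParentCommandLine": "\"C:\\Windows\\hh.exe\" C:\\Users\\alice\\Downloads\\manual.chm"}
{"Image": "C:\\Windows\\hh.exe", "CommandLine": "hh.exe C:\\Windows\\Help\\app.chm", "ParentImage": "C:\\Windows\\explorer.exe", "ParentCommandLine": "explorer.exe"}
{"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c <constructed>", "ParentImage": "C:\\Windows\\hh.exe", "ParentCommandLine": "\"C:\\Windows\\hh.exe\" \"C:\\Program Files\\Vendor App\\help.chm\""}
{"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "ParentCommandLine": "explorer.exe"}
'''

def chm_path(parent_cmdline):
    """Return the .chm argument (quoted or bare) from an hh.exe command line."""
    m = re.search(r'"([^"]+\.chm)"|(\S+\.chm)', parent_cmdline, re.I)
    return (m.group(1) or m.group(2)) if m else None

def detect(lines):
    """Flag process creations where hh.exe spawned a shell or script host."""
    findings = []
    for line in lines.strip().splitlines():
        ev = json.loads(line)
        parent = ntpath.basename(ev["ParentImage"]).lower()
        child = ntpath.basename(ev["Image"]).lower()
        if parent != "hh.exe" or child not in SUSPECT_CHILDREN:
            continue
        chm = chm_path(ev.get("ParentCommandLine", ""))
        # A help file opened from a download or temp folder raises severity.
        user_dir = bool(chm) and any(h in chm.lower() for h in USER_WRITABLE_HINTS)
        findings.append({"child": child, "chm": chm,
                         "severity": "high" if user_dir else "medium"})
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```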


    The Windows-based payload is decoded to extract the Merlin Agent, which, in turn, is configured to communicate with a command-and-control (C2) server for post-exploitation actions, effectively seizing control over the host.

    “While the attack chain is quite simple, the attackers leveraged some pretty complex TTPs and obfuscation methods in order to evade detection,” the researchers said.

    This is the first time Ukrainian government organizations have been targeted using Merlin. In early August 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed a similar attack chain that employs CHM files as decoys to infect the computers with the open-source tool.


    CERT-UA attributed the intrusions to a threat actor it monitors under the name UAC-0154.

    “Files and documents used in the attack chain are very capable of bypassing defenses,” the researchers explained.


    “Typically receiving a Microsoft help file over the internet would be considered unusual. However, the attackers framed the lure documents to appear as something an unsuspecting victim might expect to appear in a help-themed document or file.”

    The development arrives weeks after the CERT-UA said it detected an unsuccessful cyber attack against an unnamed critical energy infrastructure facility in the country undertaken by the Russian state-sponsored crew called APT28.
