    New DownEx malware campaign targets Central Asia

May 16, 2023

    A previously undocumented malware campaign called DownEx has been observed actively targeting government institutions in Central Asia for cyberespionage, according to a report by Bitdefender. 

Bitdefender first detected the malware in 2022, in a highly targeted attack aimed at exfiltrating data from foreign government institutions in Kazakhstan. The researchers later observed another attack in Afghanistan.

    “The domain and IP addresses involved do not appear in any previously documented incidents, and the malware does not share any code similarities with previously known malicious software,” Bitdefender said in its report. 

    The researchers say that the attack highlights the sophistication of a modern cyberattack. “Cybercriminals are finding new methods for making their attacks more reliable,” Bitdefender said.

Based on the specific targets of the attacks, document metadata that impersonates a real diplomat, and the primary focus on data exfiltration, the researchers believe that a state-sponsored group is responsible. The attacks have not been attributed to any specific threat actor, but it is likely that a Russia-based group is behind them.

“One clue pointing at the origin of the attack is the use of a cracked version of Microsoft Office 2016 popular in Russian-speaking countries (known as ‘SPecialisST RePack’ or ‘Russian RePack by SPecialiST’),” Bitdefender said, adding that it is also unusual to see the same backdoor written in two languages. This practice was previously observed with the Russia-based group APT28 and its Zebrocy backdoor.

The group's initial access method is most likely a phishing email.

    Initial access gained through social engineering 

    Researchers say that most likely the threat actors used social engineering techniques to deliver a spear-phishing email with a malicious payload as the initial access vector. 

    “The attack used a simple technique of using an icon file associated with .docx files to masquerade an executable file as a Microsoft Word document,” Bitdefender said.

When the victim opens the attachment, two files are dropped: a lure document that is displayed to the victim, and a malicious HTML Application (.hta) file whose embedded script runs in the background. That script is designed to contact the command-and-control (C2) servers and fetch the next stage.

“The download of the next stage failed, and we have not been able to retrieve the payload from the command and control (C2) server. Based on our analysis of similar attacks, we expect threat actors tried to download a backdoor to establish persistence,” Bitdefender said.
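The masquerade described in this section, an executable dressed up as a Word document and an .hta dropped beside a lure, can be caught at the mail gateway or in triage by checking what an attachment actually contains rather than what its name or icon claims. The script below is an added example written for this article; it is not Bitdefender's tooling and not the DownEx sample. It does not parse the PE icon resource; it flags the mismatch between the claimed type (extension) and the real type (magic bytes and container contents), plus double extensions, a right-to-left override in the filename, and HTML Application content. The finding names and the sample bytes are constructed for the demo.

```python
"""Attachment triage: claimed type vs. real content.

Added example for this article, not Bitdefender's code or the DownEx sample.
Sample bytes below are constructed; the finding tags are this script's own.
"""
import io
import zipfile

DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".hta", ".js", ".vbs", ".lnk"}
RLO = "\u202e"  # Unicode right-to-left override, used to hide real extensions


def true_type(data: bytes) -> str:
    """Classify content by its leading bytes, not by its name."""
    if data[:2] == b"MZ":
        return "pe"                        # Windows executable
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if "[Content_Types].xml" in z.namelist():
                    return "ooxml"         # genuine .docx/.xlsx/.pptx container
        except zipfile.BadZipFile:
            pass
        return "zip"
    if data[:5] == b"%PDF-":
        return "pdf"
    head = data[:4096].lower()
    if b"<hta:application" in head or (b"<html" in head and b"<script" in head):
        return "hta_or_html_script"        # HTML Application / scripted HTML
    return "unknown"


def triage(filename: str, data: bytes) -> list:
    """Return finding tags for one attachment; an empty list means nothing suspicious."""
    findings = []
    kind = true_type(data)
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if RLO in filename:
        findings.append("rlo_in_filename")
    if ext in EXEC_EXTS and len(parts) > 2 and "." + parts[-2] in DOC_EXTS:
        findings.append("double_extension")           # e.g. agenda.docx.exe
    if kind == "pe":
        findings.append("executable_attachment")
        if ext in DOC_EXTS:
            findings.append("document_name_pe_content")  # docx name, EXE inside
    if kind == "hta_or_html_script":
        findings.append("html_application_payload")
    if ext in {".docx", ".xlsx", ".pptx"} and kind not in ("ooxml", "pe"):
        findings.append("ooxml_extension_wrong_container")
    return findings


def _build_docx() -> bytes:
    """Minimal OOXML-shaped zip, constructed for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


REAL_DOCX = _build_docx()
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60      # stub PE header, constructed
HTA = (b"<html><head><hta:application id='x'/>"
       b"<script language='VBScript'>MsgBox 1</script></head></html>")

if __name__ == "__main__":
    for name, blob in [("agenda.docx", REAL_DOCX),
                       ("agenda.docx", FAKE_PE),        # document name, EXE content
                       ("agenda.docx.exe", FAKE_PE),
                       ("invitation.hta", HTA)]:
        print(name, true_type(blob), triage(name, blob))
```

The check is deliberately content-first: an icon, a name and even a double extension can all be spoofed, but an executable still starts with an MZ header and a real .docx is still a zip container with a [Content_Types].xml entry, so those two facts are what the gateway should trust.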

    Exfiltration of data

Upon execution, DownEx enumerates local and network drives and collects files of interest: Word, Excel and PowerPoint documents, images and videos, compressed files, and PDFs. It also looks for encryption keys and QuickBooks log files.

DownEx exfiltrates the collected data in password-protected zip archives, capping each archive at 30 MB. In some cases the researchers observed multiple archives being exfiltrated.

    “This is a fileless attack – the DownEx script is executed in memory and never touches the disk,” Bitdefender said. 
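Because the script itself never touches disk, the durable artefacts of this stage are the staged archives and the process that wrote them: a script host producing several zip files, each at or under a fixed cap, within minutes of each other. The hunt below is an added example written for this article, not Bitdefender's detection content. The event shape (file-creation telemetry with host, pid, image, path and size), the 15-minute window, the script-host list and the use of 30 MB as the cap are assumptions for the demo; the events are constructed.

```python
"""Hunt for chunked exfiltration staging: one process writing several
capped archives in a short window.

Added example for this article, not Bitdefender's detection content.
Event shape, window, cap and script-host list are assumptions; events are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

CAP_BYTES = 30 * 1024 * 1024              # per-archive limit, as the report describes
ARCHIVE_EXTS = (".zip",)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

EVENTS = [  # constructed file-creation events
    {"ts": "2023-05-02T09:14:05", "host": "ws-17", "pid": 4120, "image": "wscript.exe",
     "path": r"C:\Users\a.user\AppData\Local\Temp\1.zip", "size": 31457280},
    {"ts": "2023-05-02T09:15:41", "host": "ws-17", "pid": 4120, "image": "wscript.exe",
     "path": r"C:\Users\a.user\AppData\Local\Temp\2.zip", "size": 31457280},
    {"ts": "2023-05-02T09:17:02", "host": "ws-17", "pid": 4120, "image": "wscript.exe",
     "path": r"C:\Users\a.user\AppData\Local\Temp\3.zip", "size": 11820544},
    # benign: a user zipping one folder from Explorer
    {"ts": "2023-05-02T10:02:10", "host": "ws-17", "pid": 900, "image": "explorer.exe",
     "path": r"C:\Users\a.user\Desktop\photos.zip", "size": 2097152},
    # benign: a nightly backup job writing large archives, well above the cap
    {"ts": "2023-05-02T01:00:00", "host": "fs-01", "pid": 77, "image": "backup.exe",
     "path": r"D:\backup\full-1.zip", "size": 524288000},
    {"ts": "2023-05-02T01:05:00", "host": "fs-01", "pid": 77, "image": "backup.exe",
     "path": r"D:\backup\full-2.zip", "size": 524288000},
]


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def find_staging_bursts(events, cap=CAP_BYTES, window=timedelta(minutes=15),
                        min_archives=2):
    """Return one hit per (host, pid, image) that wrote at least `min_archives`
    archives of size <= cap inside some interval no longer than `window`."""
    by_proc = defaultdict(list)
    for e in events:
        if e["path"].lower().endswith(ARCHIVE_EXTS) and e["size"] <= cap:
            by_proc[(e["host"], e["pid"], e["image"].lower())].append(e)

    hits = []
    for (host, pid, image), evs in by_proc.items():
        evs.sort(key=_ts)
        best, start = 0, 0
        for end, e in enumerate(evs):          # sliding window over sorted events
            while _ts(e) - _ts(evs[start]) > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_archives:
            hits.append({
                "host": host, "pid": pid, "image": image, "archives": best,
                "script_host": image in SCRIPT_HOSTS,
                # archives filled to >= 90% of the cap point to chunked staging
                "near_cap": sum(1 for x in evs if x["size"] >= 0.9 * cap),
            })
    return hits


if __name__ == "__main__":
    for hit in find_staging_bursts(EVENTS):
        print(hit)
```

The size cap does the heavy lifting here: legitimate bulk archiving (backups, exports) tends to produce a few large files, while chunked staging produces a run of archives just under a fixed limit from a process that has no business creating archives at all. Tune the window and cap to the telemetry you actually have, and treat a `script_host` hit with a non-zero `near_cap` count as the highest-priority lead.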

    To prevent attacks like this, researchers advise organizations to focus on implementing a combination of cybersecurity technologies to harden their security posture. 

    “Technologies such as advanced malware detection with machine learning that can identify malicious scripts, email filtering, sandbox for the detonation of suspicious files, network protection that can block C2 connections, and detection and response capabilities that extend beyond the endpoints to networks,” Bitdefender said. 

    Rise in Russia-based malware

Since Russia's invasion of Ukraine in 2022, Russian cyberespionage against Ukraine and the countries that support it has intensified significantly.

Governments are also actively trying to disrupt this activity and prevent state-sponsored groups from carrying out attacks.

Bitdefender's report on the new cyberespionage malware came a day after the US announced that it had disrupted Snake, one of the most sophisticated malware toolsets used by Russian intelligence services.

The US government attributes the Snake malware to the Turla unit within Center 16 of the Federal Security Service of the Russian Federation (FSB). Over the last 20 years the Turla unit has used several versions of Snake to steal sensitive documents from hundreds of computer systems in at least 50 countries. Its victims have included governments, journalists, and other organizations of interest to the Russian Federation, including NATO member states.

    Copyright © 2023 IDG Communications, Inc.
