Cloudflare Disrupts Russian Phishing Campaign Targeting Ukraine: FlyingYeti’s COOKBOX Malware Exposed

Cloudflare has disrupted a month-long phishing campaign by Russia-aligned FlyingYeti, which targeted Ukraine using debt-themed lures. The campaign exploited WinRAR vulnerabilities to spread COOKBOX malware.

3P
Published: May 30, 2024 5:22 pmAdded: May 30, 2024 at 10:31 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like FlyingYeti has taken a page out of the “How to Be a Nuisance” handbook, turning everyday stress into a full-blown cyber nightmare. Just when you thought paying bills was your biggest worry, along comes COOKBOX to steal your data and your sanity!

Key Points:

  • FlyingYeti is a Russia-aligned threat actor targeting Ukraine with phishing campaigns.
  • The campaign uses anxiety-inducing debt-themed lures to distribute the COOKBOX malware.
  • Cloudflare Workers and GitHub were exploited alongside a WinRAR vulnerability (CVE-2023-38831).
  • The malware employs dynamic DNS for command-and-control (C2) purposes.
  • Other phishing campaigns are targeting European and U.S. financial organizations with various malware.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?