Cyber Shenanigans: APT28’s Malware Mischief in Ukraine Unveiled
In a twist of digital espionage, CERT-UA has flagged APT28’s latest antics using Signal messages to unleash BEARDSHELL and COVENANT malware upon unsuspecting Ukrainian networks. It’s like a cyber-thriller where the protagonist is a rogue DLL, and the plot thickens with each stealthy Signal chat.

Hot Take:
Well, well, well, looks like the APT28 threat actors have decided to play Santa Claus with a bag full of malware goodies. Using Signal chat messages to drop their payloads, they’re spreading BEARDSHELL and COVENANT like it’s a new holiday tradition. It’s like getting a surprise package in the mail, but instead of a new pair of socks, it’s a one-way ticket to Malware City. Next time, maybe just stick to sending e-cards, APT28!
Key Points:
- APT28 is using Signal messages to distribute new malware: BEARDSHELL and COVENANT.
- BEARDSHELL is capable of executing PowerShell scripts and communicating with remote servers via the Icedrive API.
- The attack method involves a macro-laced Word document that drops a malicious DLL and a PNG image.
- A phishing campaign is exploiting XSS vulnerabilities in webmail software to target Ukrainian entities.
- Miscreants are leveraging old Roundcube vulnerabilities to exfiltrate data and execute commands.
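The key points mention a macro-laced Word document as the delivery vehicle. As an added illustration (not code from the CERT-UA report or from this post), here is a small triage check that a defender can run over attachments: a modern Word file is a zip archive, and one that carries VBA macros includes a `word/vbaProject.bin` part and declares the `application/vnd.ms-office.vbaProject` content type. The sample archives below are constructed in memory so the script runs stand-alone; the helper names (`build_sample_docx`, `inspect_office_document`) are this example's own.

```python
import io
import zipfile

# Office Open XML convention: a macro-enabled document is a zip that carries
# a VBA project part and advertises its content type in [Content_Types].xml.
MACRO_PART = "word/vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_docx(with_macros: bool) -> bytes:
    """Build a constructed, minimal zip that mimics a .docx/.docm layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        types = [
            '<?xml version="1.0" encoding="UTF-8"?>',
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
            '<Default Extension="xml" ContentType="application/xml"/>',
        ]
        if with_macros:
            types.append(
                f'<Override PartName="/{MACRO_PART}" ContentType="{MACRO_CONTENT_TYPE}"/>'
            )
        types.append("</Types>")
        zf.writestr("[Content_Types].xml", "".join(types))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Constructed placeholder bytes standing in for a real OLE-packaged VBA project.
            zf.writestr(MACRO_PART, b"\xd0\xcf\x11\xe0" + b"\x00" * 32)
    return buf.getvalue()


def inspect_office_document(data: bytes) -> dict:
    """Flag a document that embeds VBA macros, by part name or declared content type.

    This is a triage heuristic for mail gateways and analyst tooling, not a
    full parse of the macro code itself.
    """
    result = {
        "is_zip": False,
        "has_vba_part": False,
        "declares_vba_type": False,
        "suspicious": False,
    }
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy .doc (OLE2) or not an Office file at all; handle elsewhere
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        # Match case-insensitively: the part name is sometimes written in mixed case.
        result["has_vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "[Content_Types].xml" in names:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            result["declares_vba_type"] = MACRO_CONTENT_TYPE in content_types
    result["suspicious"] = result["has_vba_part"] or result["declares_vba_type"]
    return result


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_docx(False)), ("macro", build_sample_docx(True))):
        print(label, inspect_office_document(doc))
```

Either signal on its own is enough to route the attachment to a sandbox or quarantine; checking both catches a file whose part list and content-type manifest disagree, which is itself worth a second look.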