EastWind Spear-Phishing Storm: Russian IT Under Siege by Sneaky Trojans and Backdoors

The EastWind campaign targets Russian IT with backdoors and trojans delivered via spear-phishing. Malicious LNK files trigger DLL side-loading to deploy malware such as GrewApacha and CloudSorcerer. A new implant, PlugY, supports multiple communication protocols. Kaspersky highlights the use of popular services as command-and-control servers, and a watering hole attack involving the CMoon worm.


Hot Take:

Looks like the Russians just took a vacation to the malware-filled coast of EastWind. They might need a bigger umbrella for all this cyber-rain!

Key Points:

  • EastWind spear-phishing campaign targets Russian government and IT organizations.
  • Attack chain initiated via RAR archive with LNK file, leading to malware deployment.
  • Malware includes GrewApacha, updated CloudSorcerer, and new implant PlugY.
  • Malware uses DLL side-loading and Dropbox for communication and payload delivery.
  • CMoon worm linked to watering hole attack, targeting gas supply site in Russia.
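The delivery chain in the key points (RAR attachment, LNK shortcut, host executable side-loading a DLL) is the part a mail gateway or sandbox can score before anything runs. The following triage heuristic is an added example written for this summary; it is not code from Kaspersky's report or from the original post, and the scoring weights, the `ArchiveEntry` type and the sample archive listings are all constructed assumptions for illustration.

```python
"""Score an archive attachment's file listing against the EastWind-style
delivery layout (RAR -> LNK -> EXE + side-loaded DLL).

Added example, not from Kaspersky or the original post. The heuristics and
weights below are assumptions chosen for illustration, not indicators taken
from the report; tune them against your own mail traffic before use.
"""
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class ArchiveEntry:
    """One file inside a listed or extracted archive (constructed type)."""
    path: str   # path inside the archive, '/' separated
    size: int   # size in bytes


def _ext(path: str) -> str:
    return PurePosixPath(path).suffix.lower()


def _parent(path: str) -> PurePosixPath:
    return PurePosixPath(path).parent


def triage_archive(entries: list[ArchiveEntry]) -> dict:
    """Return {'score': int, 'findings': [...]} for one archive listing.

    Heuristics (assumed for this example):
      +2  a .lnk shortcut inside a mailed archive is rare in legitimate traffic
      +2  an .exe next to a .dll in the same archive folder matches the
          side-loading layout (benign host binary + attacker-controlled DLL)
      +1  the only top-level item is the shortcut and everything else is
          tucked into a subfolder (decoy 'click me' layout)
    """
    findings: list[str] = []
    score = 0

    lnks = [e for e in entries if _ext(e.path) == ".lnk"]
    exes = [e for e in entries if _ext(e.path) == ".exe"]
    dlls = [e for e in entries if _ext(e.path) == ".dll"]

    if lnks:
        score += 2
        findings.append(f"shortcut file(s) in archive: {[e.path for e in lnks]}")

    for exe in exes:
        # A DLL in the same folder as an EXE is the classic side-loading pair.
        neighbours = [d.path for d in dlls if _parent(d.path) == _parent(exe.path)]
        if neighbours:
            score += 2
            findings.append(f"possible side-loading pair: {exe.path} with {neighbours}")

    top = PurePosixPath(".")
    others = [e for e in entries if _ext(e.path) != ".lnk"]
    if lnks and others \
            and all(_parent(e.path) == top for e in lnks) \
            and all(_parent(e.path) != top for e in others):
        score += 1
        findings.append("decoy layout: shortcut at top level, payload files in subfolder")

    return {"score": score, "findings": findings}


def verdict(score: int) -> str:
    """Map the heuristic score to a gateway action (thresholds are assumed)."""
    if score >= 4:
        return "block"
    if score >= 2:
        return "review"
    return "allow"


# Constructed sample listings (not real file names from the campaign).
SUSPICIOUS_LISTING = [
    ArchiveEntry("Document.lnk", 2048),
    ArchiveEntry("data/host.exe", 120_000),
    ArchiveEntry("data/helper.dll", 45_000),
    ArchiveEntry("data/blob.bin", 300_000),
]
BENIGN_LISTING = [
    ArchiveEntry("report.pdf", 80_000),
    ArchiveEntry("notes.txt", 1_200),
]

if __name__ == "__main__":
    for name, listing in (("suspicious", SUSPICIOUS_LISTING), ("benign", BENIGN_LISTING)):
        result = triage_archive(listing)
        print(name, verdict(result["score"]), result)
```

The score is deliberately additive so that a lone shortcut lands in a review queue while the full shortcut-plus-host-plus-DLL layout is blocked outright; the same listing can be fed in from a sandbox's extraction step or from the archive's central directory without unpacking it.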

The Nimble Nerd