Kaspersky discovered a hacker attack on Crimea with the help of “powerful magic”
Kaspersky Lab revealed cyber attacks in Donbass and Crimea with a new virus
Hackers attack Donbass and Crimea using the CommonMagic and PowerMagic malware. After gaining access to a device, they can take screenshots and steal files from storage media, sending them to the cloud.

Since 2021, a cyber-espionage campaign has been ongoing in the DPR, LPR and Crimea, aimed at government, agricultural and transport organizations, Kaspersky Lab told RBC. It uses a malicious program previously unknown to cybersecurity specialists, called CommonMagic.

Presumably, the attack begins with the distribution of spear-phishing emails, which appear to come from state organizations. When the link is clicked, the victim downloads a ZIP archive containing two files from a malicious web server. The first is a harmless decoy document (in PDF, XLSX or DOCX format); the second is a malicious LNK file with a double extension (for example, .pdf.lnk).

If the victim downloads the archive and clicks on the shortcut, the PowerMagic backdoor is installed on the device. It receives commands from a remote folder located in public cloud storage, executes them, and then uploads the results of execution back to the cloud. PowerMagic persists on the system and remains there even after the infected device is rebooted. It is also used to deploy the CommonMagic malware platform, which consists of several modules. For example, CommonMagic can steal files from USB devices and take screenshots every three seconds, sending them to the attackers.
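The delivery chain described above (a ZIP archive pairing a decoy document with a shortcut named like .pdf.lnk) is easy to check for at the mail gateway or on an analyst's workstation. The following is an added illustrative script, not code from Kaspersky Lab or the article: it inspects every entry of a ZIP archive, flags names with a document extension followed by .lnk, and also reads the first bytes of each entry to detect the standard Windows shell-link header regardless of what the file is called. The sample archive is constructed inline so the script runs offline; the file names and contents in it are invented for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Document extensions that the campaign used as the "decoy" part of a double extension.
DECOY_EXTENSIONS = {".pdf", ".xlsx", ".docx", ".doc", ".xls"}

# Fixed header of a Windows shell-link (.lnk) file: HeaderSize 0x4C followed by the
# ShellLink CLSID {00021401-0000-0000-C000-000000000046} in little-endian GUID layout.
LNK_HEADER = (
    b"\x4c\x00\x00\x00"
    b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
)


def is_double_extension_lnk(name: str) -> bool:
    """True for names such as report.pdf.lnk: a decoy document extension hiding a .lnk."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == ".lnk" and suffixes[-2] in DECOY_EXTENSIONS


def scan_archive(zip_bytes: bytes) -> list:
    """Return one finding per suspicious entry: name, plus which checks fired."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            with zf.open(info) as fh:
                head = fh.read(len(LNK_HEADER))
            has_lnk_header = head == LNK_HEADER
            double_ext = is_double_extension_lnk(name)
            # Flag a double-extension shortcut, or any entry whose content is a shell link
            # even though its name does not end in .lnk (extension/content mismatch).
            if double_ext or (has_lnk_header and not name.lower().endswith(".lnk")):
                findings.append(
                    {"name": name, "double_extension": double_ext, "lnk_header": has_lnk_header}
                )
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample mimicking the described archive layout (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n% constructed harmless decoy\n")
        zf.writestr("report.pdf.lnk", LNK_HEADER + b"\x00" * 64)   # double-extension shortcut
        zf.writestr("invoice.pdf", LNK_HEADER + b"\x00" * 64)      # shell link mislabelled as PDF
        zf.writestr("notes.txt", b"plain text, nothing to flag\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample_archive()):
        print(finding)
```

The header check matters because a name-based rule alone misses a shortcut renamed to hide its type; conversely, a shell-link header behind a .pdf name is a mismatch worth quarantining even though Windows would not run it as a shortcut. In production you would run this on attachments before they reach the user, and feed the findings (archive hash, entry names) into the mail gateway's quarantine and the SIEM.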

“We are following this campaign. Notable in it is not malware and technology – they are not the most ingenious – but the fact that cloud storage is used as a command and control infrastructure. We will continue to investigate this threat and hopefully be able to share more about CommonMagic later,” said Leonid Bezvershenko, cybersecurity expert at Kaspersky Lab.


Swordfish Security predicted in October that the number of cyber attacks on Russian companies in 2023 would increase by at least 50%. Experts called the use of machine learning technologies by hackers a new threat factor.

Regular DDoS attacks on Russian resources, including authorities and the media, began to be conducted actively after February 24, the day the hostilities began in Ukraine. For example, a large-scale attack on electronic document management services was carried out on September 1.
