Cybersecurity experts have sounded the alarm over a global phishing campaign that has already targeted several organizations around the world using previously-unseen malware.
Researchers at security firm Mandiant have published a detailed analysis of the campaign, noting that at least fifty organizations were targeted in two separate waves in December 2020.
Of note is the fact that the attacks deployed three completely new malware strains into their victim’s computers with the help of tailored phishing lures.
- We've assembled a list of the best endpoint protection software
- These are the best firewalls on the market
- Also check out our roundup of the best disaster recovery services
“Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears experienced and well resourced,” say the researchers.
Financially motivated
The researchers believe the threat actors behind the campaign employed considerable infrastructure to conduct the attacks, including the use of the about fifty domains to deliver the custom phishing emails.
It appears that while the campaign was global, a majority of the targets in both waves were in the US, though it also attacked organizations in EMEA (Europe, the Middle East, and Africa), Asia, and Australia regions.
The researchers note that the threat actors also invested time to tailor their attacks to make their phishing emails look as genuine messages from professionals their targets correspond with.
The phishing emails either contained links to a JavaScript downloader, named DOUBLEDRAG, or an Excel document with an embedded macro that downloaded an in-memory PowerShell-based dropper, named DOUBLEDROP. The dropper bundles 32 and 64-bit variants of a backdoor, dubbed DOUBLEBACK.
Mandiant also notes that the malware used in the campaign not only attempts to evade detection by deploying its payload in-memory whenever possible, it is also heavily obfuscated to hinder analysis.
“Although Mandiant has no evidence about the objectives of this threat actor, their broad targeting across industries and geographies is consistent with a targeting calculus most commonly seen among financially motivated groups,” conclude the researchers.
- Protect your devices with these best antivirus software
Via BleepingComputer
