Kaspersky discovered cyberattacks that sourced information from GitHub, Quora, and social networks to target organizations

Biz Bahrain, 3 days ago
Kaspersky detected a complex attack sequence that involved retrieving information from legitimate services such as GitHub, Microsoft Learn Challenge, Quora, and social networks. The attackers did this to avoid detection and run an execution chain to launch Cobalt Strike Beacon, a tool to remotely control computers, execute commands, steal data, and maintain persistent access within a network. The attacks were detected in the second half of 2024 in organizations across China, Japan, Malaysia, Peru and Russia, and persisted into 2025. The majority of victims were large to medium-sized businesses. To infiltrate victims' devices, the attackers sent spear phishing emails which were disguised as legitimate communications from major state-owned companies, particularly within the oil and gas sector. The text was phrased to look like there was interest in products and services of the victim organization to convince the recipient to open the malicious attachment. The attachment was an archive with what looked like PDF files containing requirements for the requested products and services – but in fact some of these PDFs were executable EXE and DLL files containing malware.
The attackers leveraged DLL hijacking techniques and abused the legitimate Crash reporting Send Utility, which is designed to give developers detailed, real-time crash reports for their applications. To function, the malware also retrieved and downloaded code that was stored in public profiles on popular legitimate platforms, again to avoid detection. Kaspersky found this code, encrypted, inside profiles on GitHub, and links to it (also encrypted) on other GitHub profiles, Microsoft Learn Challenge, Q&A websites, and even Russian social media platforms. All of these profiles and pages were created specifically for this attack. Once the malicious code was executed on a victim's machine, Cobalt Strike Beacon was launched and the system was compromised.
'While we didn't find any evidence of the attackers using real people's social media profiles, as all the accounts were created specifically for this attack, there's nothing stopping the threat actor from abusing various mechanisms these platforms provide. For instance, malicious content strings could be posted in comments on legitimate users' posts. Threat actors are using increasingly complex methods to conceal long-known tools, and it's important to stay up to date with the latest threat intelligence to be protected from such attacks,' comments Maxim Starodubov, Malware Analyst Team Lead at Kaspersky.

The method used to retrieve the download address for the malicious code is similar to what was observed in the EastWind campaign linked to Chinese-speaking actors.

Kaspersky recommends that organizations follow these security guidelines to stay safe:

• Track the status of digital infrastructure and continuously monitor the perimeter.
• Use proven security solutions to detect and block malware embedded within bulk email.
• Train staff to increase cybersecurity awareness.
• Secure corporate devices with a comprehensive system, such as Kaspersky Next, that detects and blocks attacks in the early stages.
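The lure described above relied on archive entries that looked like PDFs but were really EXE and DLL files. The following added example (not code from Kaspersky or this article) shows the kind of mail-gateway check a defender can run on an attachment: it opens a zip archive, reads the first bytes of each entry and flags executables by their DOS 'MZ' header, '.pdf' names padded with a second extension, and '.pdf' entries whose content is not a PDF. The archive it scans is constructed inline for demonstration.

```python
import io
import zipfile

PE_MAGIC = b"MZ"      # DOS header shared by EXE and DLL files
PDF_MAGIC = b"%PDF"   # genuine PDF documents start with this


def build_sample_archive() -> bytes:
    """Constructed lure archive for demonstration only (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("requirements.pdf", b"%PDF-1.7\n%% harmless document body")
        # a PE file whose name is padded so only '.pdf' is visible in a narrow column
        zf.writestr("spec.pdf" + " " * 20 + ".exe", PE_MAGIC + b"\x90\x00" + b"\x00" * 60)
        # a DLL placed beside the EXE, as in a side-loading / hijacking chain
        zf.writestr("version.dll", PE_MAGIC + b"\x90\x00" + b"\x00" * 60)
    return buf.getvalue()


def suspicious_reasons(name: str, head: bytes) -> list[str]:
    """Return the reasons an archive entry looks like a disguised executable."""
    lower = name.lower()
    reasons = []
    if head.startswith(PE_MAGIC):
        reasons.append("PE executable (MZ header)")
    if ".pdf" in lower and not lower.endswith(".pdf"):
        reasons.append("'.pdf' is not the final extension")
    if lower.endswith(".pdf") and not head.startswith(PDF_MAGIC):
        reasons.append("named .pdf but content is not a PDF")
    return reasons


def scan_archive(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious entry name to its reasons; clean entries are omitted."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)   # only the magic bytes are needed
            reasons = suspicious_reasons(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in scan_archive(build_sample_archive()).items():
        print(f"{entry!r}: {', '.join(why)}")
```

Any archive with at least one flagged entry would be quarantined rather than delivered; the real PDF in the sample passes untouched.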