Russian government and IT organizations are being targeted by a new spear-phishing campaign, code-named EastWind, that installs backdoors and trojans on victim machines.
The lures are RAR archive attachments that contain a Windows shortcut (LNK) file. Opening the shortcut triggers an infection chain that ultimately deploys three malware families: GrewApacha; an updated version of the CloudSorcerer backdoor; and a previously unknown implant called PlugY.
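The delivery step above (an LNK inside an archive attachment) is the one defenders can triage before anything executes. The following is an added example, not code from the page or from Kaspersky's report: it parses the Shell Link (MS-SHLLINK) header and StringData of a .lnk file, then tags indicators typical of lure shortcuts (living-off-the-land launcher, padded or oversized arguments, a document icon on a script launcher, a double extension such as Report.pdf.lnk). The indicator list and the sample shortcuts are the editor's own constructions and general heuristics, not artifacts or behaviour attributed to EastWind; listing RAR contents is left to a tool such as `rarfile`, so `scan_archive_members` takes already-extracted member bytes.

```python
"""Triage Windows shortcut (.lnk) files carried in archive attachments.

Added example, not the campaign's own artifacts: the LNK bytes below are
constructed with build_lnk() so the parser can be exercised offline.
"""
import struct

LNK_HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk (little-endian) byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits, MS-SHLLINK section 2.1.1
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
# StringData fields in the order the format stores them (MS-SHLLINK section 2.4)
STRING_FIELDS = (
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
# Living-off-the-land binaries often invoked from lure shortcuts (general heuristic, an assumption)
LOLBINS = ("cmd.exe", "powershell", "pwsh", "mshta", "rundll32", "regsvr32",
           "wscript", "cscript", "certutil", "forfiles")
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a Shell Link; raises ValueError if not a LNK."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("missing ShellLinkHeader magic")
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip LinkTargetIDList (size prefix excludes itself)
        (size,) = struct.unpack_from("<H", data, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:                # skip LinkInfo (size prefix includes itself)
        (size,) = struct.unpack_from("<I", data, off)
        off += size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            fields[name] = ""
            continue
        (count,) = struct.unpack_from("<H", data, off)   # CountCharacters, not bytes
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        off += nbytes
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return fields


def triage_lnk(data: bytes) -> list:
    """Tag indicators typical of a lure shortcut. An empty list means nothing suspicious was found."""
    f = parse_lnk(data)
    tags = []
    launcher = (f["relative_path"] + " " + f["arguments"]).lower()
    tags += [f"launches {b}" for b in LOLBINS if b in launcher]
    if len(f["arguments"]) > 200:
        tags.append("oversized arguments")
    # leading whitespace pushes the real command out of view in the Properties dialog
    if len(f["arguments"]) - len(f["arguments"].lstrip()) >= 8:
        tags.append("padded arguments")
    # a script launcher wearing a document icon is the classic booby-trapped-shortcut disguise
    if tags and f["icon_location"].lower().endswith(DOC_EXTS):
        tags.append("document icon on non-document target")
    return tags


def scan_archive_members(members: dict) -> dict:
    """members maps archive entry name -> bytes (already extracted; RAR listing is out of scope here)."""
    report = {}
    for name, blob in members.items():
        if not name.lower().endswith(".lnk"):
            continue
        tags = []
        if name[:-4].lower().endswith(DOC_EXTS):
            tags.append("double extension")      # e.g. Report.pdf.lnk
        try:
            tags += triage_lnk(blob)
        except ValueError as exc:
            tags.append(f"unparseable: {exc}")
        report[name] = tags
    return report


def build_lnk(relative_path, arguments="", working_dir="", icon_location=""):
    """Minimal Unicode Shell Link carrying only StringData; used to construct test input."""
    flags = IS_UNICODE
    body = b""
    for flag, value in ((HAS_RELATIVE_PATH, relative_path), (HAS_WORKING_DIR, working_dir),
                        (HAS_ARGUMENTS, arguments), (HAS_ICON_LOCATION, icon_location)):
        if value:
            flags |= flag
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)  # FILE_ATTRIBUTE_ARCHIVE, SW_SHOWNORMAL
    return header + body


# Constructed sample archive contents (hypothetical, not real campaign samples)
SAMPLE_MEMBERS = {
    "notes.lnk": build_lnk(r"..\..\Windows\System32\notepad.exe",
                           icon_location=r"%SystemRoot%\System32\notepad.exe"),
    "Report.pdf.lnk": build_lnk(r"..\..\Windows\System32\cmd.exe",
                                arguments=" " * 12 + '/c powershell -NoP -W Hidden -c "stage2-placeholder"',
                                icon_location=r"C:\Users\Public\Report.pdf"),
}

if __name__ == "__main__":
    for name, tags in scan_archive_members(SAMPLE_MEMBERS).items():
        print(f"{name}: {'SUSPICIOUS: ' + ', '.join(tags) if tags else 'clean'}")
```

The parser deliberately skips the LinkTargetIDList and LinkInfo structures instead of interpreting them: the StringData fields are where a lure's launcher, arguments and borrowed icon live, and they are enough for a first-pass verdict at the mail gateway. In production the heuristics should be tuned to the environment and the `members` dictionary filled from the real archive listing.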
Kaspersky, a Russian cybersecurity company, reports that PlugY is downloaded through the CloudSorcerer backdoor, supports an extensive command set, and can talk to its command-and-control server over three different protocols.
Read more: EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files