At a glance.
- Gamaredon continues to target Ukraine.
- RedLine stealers disguised as game cheats.
- Emotet’s place in the malware landscape.
- Risks of quantum computing.
Gamaredon continues to target Ukraine.
According to Cisco Talos, the Russian threat actor Gamaredon (aka Primitive Bear) continues to conduct espionage campaigns against Ukrainian organizations. The attacker uses spear-phishing emails to distribute malicious Microsoft Office documents:
“Cisco Talos detected Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, which is part of an ongoing espionage operation first observed in August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infection chain. The infostealer is dual-purpose malware that includes functionality to exfiltrate specific file types and deliver additional binary and script-based payloads on an infected endpoint.”
RedLine stealers disguised as game cheats.
Kaspersky warns that the RedLine Trojan is distributed in a malware bundle that can propagate itself by publishing YouTube videos with malicious links. The researchers note that while this technique is uncommon, it is achieved through “the use of relatively simple software”:
“In addition to the payload itself, the discovered bundle is characterized by its self-propagation functionality. Several files are responsible for this, which receive videos and post them on the YouTube channels of the infected users together with the links to a password-protected archive with the bundle in the description. The videos promote cheats and cracks and provide instructions on how to hack popular games and software. Among the games mentioned are APB Reloaded, CrossFire, DayZ, Dying Light 2, F1® 22, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Osu!, Point Blank, Project Zomboid, Rust, Sniper Elite, Spider-Man, Stray, Thymesia, VRChat and Walken. According to Google, the hacked channels were quickly shut down for violating the company’s Community Guidelines.”
Emotet’s place in the malware landscape.
AdvIntel researchers have observed more than 1.2 million Emotet infections since early 2022. Most infections (35.7%) are in the United States. The researchers also warn that the ransomware groups Quantum and BlackCat are now using the malware-distribution botnet, after Conti was disbanded in June 2022.
However, according to Check Point’s visibility, the FormBook info-stealer replaced Emotet as the most prevalent malware strain in August 2022, followed by the AgentTesla Trojan, the XMRig cryptominer, and the Guloader downloader.
Risks of quantum computing.
Deloitte has released the results of a survey on cybersecurity risk awareness related to quantum computing. The survey found that just over half (50.2%) of respondents are aware of “harvest now, decrypt later” attacks. In these attacks, encrypted data is stolen and stored until a quantum computer capable of breaking the encryption is developed.
26.6% of respondents indicated that their organization has already conducted a risk assessment on quantum computing risks, while 18.4% plan to conduct an assessment within a year.
Additionally, 27.7% of respondents said their organization was most likely to address quantum risk after regulatory pressure, while 20.7% cited the need for leadership within the organization “to enable the cryptographic agility that can address algorithms rendered obsolete by quantum computing”.
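The risk assessment the survey asks about can be started with a simple inventory check. The script below is an added example, not from Deloitte's report or the article: it applies Mosca's inequality (an asset is exposed to "harvest now, decrypt later" when the time its data must stay confidential plus the time needed to migrate it exceeds the assumed number of years until a cryptographically relevant quantum computer exists). The quantum horizon, the algorithm lists and the asset inventory are constructed assumptions; algorithms the registry does not know are flagged for manual review rather than silently passed.

```python
"""Toy 'harvest now, decrypt later' exposure check (added example, not from the page).

Rule (Mosca's inequality): an asset protected by a quantum-vulnerable algorithm is
exposed when  shelf_life_years + migration_years > quantum_horizon_years.
"""
from dataclasses import dataclass

# Public-key algorithms broken by Shor's algorithm on a large quantum computer.
# Constructed list for illustration; extend it to match your own inventory.
QUANTUM_VULNERABLE = {"RSA-2048", "RSA-4096", "ECDH-P256", "X25519"}
# Primitives considered adequate against known quantum attacks (AES-256: Grover
# only halves the effective key length; ML-KEM-768: NIST post-quantum KEM).
QUANTUM_RESILIENT = {"AES-256-GCM", "ML-KEM-768"}

# Assumed years until a cryptographically relevant quantum computer exists.
HORIZON_YEARS = 15.0


@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str            # algorithm protecting the data in transit or at rest
    shelf_life_years: float   # how long the data must remain confidential (x)
    migration_years: float    # time needed to move this system to PQC (y)


def classify(asset: Asset, horizon_years: float = HORIZON_YEARS) -> str:
    """Return 'exposed', 'ok' or 'review' for one asset."""
    if asset.algorithm in QUANTUM_RESILIENT:
        return "ok"
    if asset.algorithm not in QUANTUM_VULNERABLE:
        # Unknown algorithm: do not assume safety, send it to a human.
        return "review"
    if asset.shelf_life_years + asset.migration_years > horizon_years:
        return "exposed"
    return "ok"


def assess(assets, horizon_years: float = HORIZON_YEARS) -> dict:
    """Map every asset name to its classification."""
    return {a.name: classify(a, horizon_years) for a in assets}


def exposed_first(assets, horizon_years: float = HORIZON_YEARS) -> list:
    """Exposed asset names, most urgent first (largest overshoot of the horizon)."""
    exposed = [a for a in assets if classify(a, horizon_years) == "exposed"]
    exposed.sort(key=lambda a: a.shelf_life_years + a.migration_years - horizon_years,
                 reverse=True)
    return [a.name for a in exposed]


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    Asset("HR records archive", "RSA-2048", shelf_life_years=25, migration_years=3),
    Asset("Public web TLS session", "ECDH-P256", shelf_life_years=0.5, migration_years=2),
    Asset("Backup at rest", "AES-256-GCM", shelf_life_years=30, migration_years=1),
    Asset("Legacy VPN", "IKEv1-DH-group2", shelf_life_years=5, migration_years=4),
    Asset("Design docs", "X25519", shelf_life_years=12, migration_years=4),
]

if __name__ == "__main__":
    for name, status in assess(SAMPLE_INVENTORY).items():
        print(f"{name:24s} {status}")
    print("migrate first:", exposed_first(SAMPLE_INVENTORY))
```

The interesting output is the "Public web TLS session" row: the same quantum-vulnerable key exchange that makes the 25-year HR archive exposed is acceptable for short-lived session data, which is why the assessment has to start from data shelf life rather than from the algorithm alone.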