
IT threat evolution Q1 2022

SecureList

The attackers study their victims carefully and use the information they find to frame social engineering attacks. The group uses various malware families, including Wroba, and attack methods that include phishing, mining, smishing and DNS poisoning. When opened, this document eventually downloads a backdoor. Other malware.


APT trends report Q3 2021

SecureList

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.


APT trends report Q1 2021

SecureList

During routine monitoring of detections for FinFisher spyware tools, we discovered traces that point to recent FinFly Web deployments. In November and December 2020, two public blog posts were published about this campaign. Moreover, the malware mentioned by Google matched ThreatNeedle – malware that we have been tracking since 2018.
