A new spear-phishing campaign has been uncovered, with the Russian threat actor APT28, also known as Forest Blizzard and Pawn Storm, at its helm. This campaign is specifically targeting Ukraine and its NATO allies, with the goal of deploying a previously unknown malware suite codenamed PRISMEX.
PRISMEX is notable for its advanced features, including steganography, which lets it hide in plain sight by concealing malicious code inside seemingly innocuous files. It also uses Component Object Model (COM) hijacking, a technique in which the malware registers its own component in place of a legitimate COM object so that trusted system processes load and execute its code.
The malware also utilizes legitimate cloud services for its command-and-control (C2) operations, making it more challenging to detect and mitigate. This tactic is particularly concerning, as it leverages trusted services to carry out malicious activities, thereby increasing the difficulty of distinguishing between legitimate and malicious traffic.
According to Trend Micro, the security firm that discovered this campaign, PRISMEX represents a significant escalation in the sophistication and stealth of APT28’s operations. As the cybersecurity landscape continues to evolve, it’s essential for organizations to stay vigilant and implement robust security measures to protect against such advanced threats.
The deployment of PRISMEX by APT28 underscores the ongoing threat posed by state-sponsored cyber actors to global security and stability. It highlights the need for enhanced cooperation among nations and the private sector to combat these threats and to develop effective strategies for mitigating the impact of sophisticated malware campaigns.
