March 21st, 2022: Threat Group, InvisiMole Striking Ukraine
Industry: Government, Military | Level: Tactical | Source: ZDNet
Ukraine's Computer Emergency Response Team for Ukraine (CERT-UA) warns of attacks by the hacking group, InvisiMole; the group is alleged to have associated with the APT group, Gamaredon. The group is targeting industries that are "high-profile" in military and diplomatic affairs. Reported by ZDNet, the threat group is initiating phishing campaigns to distribute LoadEdge backdoors to Ukrainian organizations. The described attack chain, described by CERT-UA, involves "phishing emails being sent that have an attached archive, 501_25_103.zip, together with a shortcut (LNK) file. If opened, an HTML Application file (HTA) downloads and executes VBScript designed to deploy LoadEdge." In addition, the activity following involves using DNS tunneling to deliver malicious payloads, create persistence through registry and data collection.
- Anvilogic Use Cases:
- Compressed File Execution
- Modify Registry Key