Ukraine’s CERT Warns of New Malware, CrescentImp

Industry: Media | Level: Tactical | Source: Cyware

Ukraine’s CERT warns of a new malware named, CrescentImp targeting Ukrainian media organizations including radio stations, newspapers, news agencies, and others. The malware's delivery vector is through email, as 500 email addresses have been found to be targeted in this campaign. The malware utilizes the latest Microsoft Windows Support Diagnostic Tool (MSDT) vulnerability, CVE-2022-30190 as part of its infection routine. CERT-UA attributes with moderate confidence the CrescentImp malware is associated with Sandworm, a Russian-based threat group.

Anvilogic Scenario:

• Follina : Attack Chain

Anvilogic Use Case:

• Microsoft Office Code Execution Vulnerability