2021-11-24

WIRTE Group

Level: 
Tactical
  |  Source: 
SecureList
Financial
Government
Share:

WIRTE Group

The WIRTE group has been conducting campaigns utilizing malicious Excel 4.0 macros, targeting high-profile public and private entities, Kaspersky research recently shared. While there is a specification of attacks with entities in the Middle East, researchers are reporting impacts from other regions as well. The WIRTE group utilizes living-off-the-land (LotL) techniques to evade detection and Kaspersky places low confidence attribution that the WIRTE group is associated with the Gaza Cybergang threat actor. An observed attack chain involves a phishing campaign to distribute the malicious document. Once ran a VBS script writes an embedded PowerShell command and creates persistence in the registry. LitePower, a PowerShell implant, acts as the downloader and secondary stage by communicating with the C2 to download or deploy additional malware.

     

Get trending threats published weekly by the Anvilogic team.

Sign Up Now