The gz attachment of the email contains an exe file: the malware.
Russia targeted by an APT since the invasion of Ukraine. Malwarebytes cybersecurity experts find 4 campaigns spreading a RAT with different baits but the same custom malware.
Russia has been under attack by an unknown APT since its invasion of Ukraine. This was revealed by Malwarebytes cybersecurity experts. According to the researchers, the threat actors have launched at least four separate spear phishing campaigns since late February 2022. The campaigns are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects and run commands on them remotely. In one campaign the custom malware was disguised as an interactive map of Ukraine. In the second it was disguised as a fake fix for the Log4j vulnerability. In the third the bait was Rostec, and the last one exploited a false job advert for Saudi Aramco. The malware used in the four campaigns is essentially the same, with small differences in the code.