Cyber Warfare, Team OneFist hits Russia in Space again
Team OneFist hits Russia in Space again. The entire network of Gonets-M satellites has been “silenced” through the destruction of its CRM/billing databases. The IT Army of Ukraine group is causing heavy damage to Moscow
Team OneFist has struck a new blow against Russian satellites as part of its cyber warfare in Space. After hacking at least 12 ground stations of the Satis network, used for communications with mines and fields in remote areas through the Yamal 401 and Ekspress-AM6 (Operation Polaris), the IT Army of Ukraine group has been targeting the Gonets-M network for over one day (Op Pleiades). In particular, the hackers destroyed the CRM/billing databases, effectively silencing the entire network. The database is an important part of the system: for a customer to send or receive a message, they must have an active account, which is verified every time. If there are no accounts, messages are not sent, and the entire infrastructure is therefore “silenced” until complete recovery, which in any case takes time to carry out. Team members are causing considerable damage to Russia; it is no coincidence that they have ended up on Moscow's blacklist and are actively wanted.