The letter, addressed to the ambassador, exploded when an employee of the diplomatic office opened it, wounding him slightly. It is unclear whether the attack is related to the war with Russia.
Technical analysis by the Malware Hunter JAMESWT
Triple Remcos attack via RFQ. Three emails have different request numbers, but identical text and tar attachment. Inside is an exe: the malware itself
Global attack with Remcos via email with the lure of a Request For Quotation (RFQ). In the past few hours, three messages were sent, theoretically coming from the COSCO ASIA MANAGEMENT LTD company. Each has a different RFQ number, but the text inside is identical in the same way as the compressed file in tar format.
Inside is the same exe: the malware itself. and open, activates the chain of infection. Remcos is a cybercrime Remote Access Trojan (RAT) with a wide range of features such as closely monitoring user activity, recording audio and video content, acquiring credentials, digital currency theft, downloading of additional payloads and exfiltration of confidential data avoiding detection and sandboxes.