March 21, 2023 | Rabbi Lakshmanan | Cyber War / Cyber Threat

Amid the ongoing war between Russia and Ukraine, government, agricultural and transport organizations in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that uses a previously unseen modular framework called CommonMagic.

“While the initial vector of compromise is unknown, details of subsequent stages suggest the use of spear phishing or similar methods,” Kaspersky said in a new report.

The Russian cybersecurity firm, which detected the attack in October 2022, tracks the activity cluster under the name “Bad Magic.”

The attack chain involves a booby-trapped URL pointing to a ZIP archive hosted on a malicious web server. When opened, the archive contains a decoy document and a malicious LNK file that eventually deploys a backdoor named PowerMagic.

PowerMagic, written in PowerShell, establishes a connection with a remote server and executes arbitrary commands. The results are exfiltrated to cloud services such as Dropbox and Microsoft OneDrive.


PowerMagic also serves as a conduit for delivering the CommonMagic framework, a set of executable modules designed to perform specific tasks such as interacting with command-and-control (C2) servers, encrypting and decrypting C2 traffic, and running plugins.

The two plugins discovered so far can capture screenshots every 3 seconds and collect files of interest from attached USB devices.

Kaspersky said it found no evidence linking the operation and its tools to known threat actors or groups.
