Russian hackers used the new malicious software MASEPIE against Ukraine

1 January 2024 2 minutes Author: Newsman

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of phishing attacks carried out by Russian hackers, during which the previously unknown MASEPIE malware was used.

APT28, also known as Fancy Bear and Strontium, which has the support of the Russian state, has been identified as the main perpetrator of a series of cyber attacks against government organizations, businesses, educational institutions and research institutes of the West and NATO agencies. The attacks in question took place between December 15 and 25, 2023, and involved phishing emails that tricked recipients into clicking on a link that purported to lead to an important document.

The link redirected to a malicious web resource that used JavaScript to download a Windows shortcut (LNK) file and called a PowerShell command to launch new malware named “MASEPIE.” This set off a chain of further malware downloads.

MASEPIE establishes persistence on infected systems by modifying the Windows registry and adding a shortcut file with a misleading name to the Windows startup folder, making it difficult to remove. PowerShell scripts called “STEELHOOK” steal data from Chrome-based web browsers, giving attackers sensitive information such as passwords and browsing history. Other tools, including OCEANMAP and IMPACKET, are used for long-term system access and attack control.
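
For defenders, the two persistence locations described above can be reviewed with a short PowerShell triage script. This is an added example, not code from CERT-UA or from the article: the article does not name the registry key, so the standard Run keys are assumed, and the interpreter pattern and function names are hypothetical.

```powershell
# Added example: list Startup-folder shortcuts and registry Run values for review.
# Assumption: the interpreter list below is illustrative, not a CERT-UA indicator.
$interpreters = '(?i)\b(powershell|pwsh|cmd|wscript|cscript|mshta)(\.exe)?\b'

function Test-ScriptLauncher {
    param([string]$CommandLine)
    # True when the autostart command line invokes a script interpreter.
    return [bool]($CommandLine -match $interpreters)
}

function Get-StartupShortcut {
    $shell = New-Object -ComObject WScript.Shell
    # Per-user and all-users Startup folders.
    $folders = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -Filter *.lnk -File -Force | ForEach-Object {
            # Resolve the real target: a misleading file name hides what actually runs.
            $lnk = $shell.CreateShortcut($_.FullName)
            $cmd = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            [pscustomobject]@{
                Source   = 'StartupFolder'
                Location = $_.FullName
                Command  = $cmd
                Modified = $_.LastWriteTime
                Review   = Test-ScriptLauncher $cmd
            }
        }
    }
}

function Get-RunKeyEntry {
    # Assumption: the article says only "the Windows registry"; Run keys are the usual autostart location.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{
                Source = 'RunKey'; Location = "$key\$name"; Command = $cmd
                Modified = $null; Review = Test-ScriptLauncher $cmd
            }
        }
    }
}

# Entries flagged for review sort first; unflagged entries are still listed.
@(Get-StartupShortcut) + @(Get-RunKeyEntry) | Sort-Object Review -Descending | Format-List
```

A flagged entry is a prompt for manual inspection rather than a verdict, since legitimate software also starts script interpreters at logon.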
