Researchers Uncover Covert Attack Campaign Targeting Military Contractors – The Hacker News

A new covert attack campaign singled out a number of military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unidentified payload on compromised machines.

The highly targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft.

“The assault was carried out starting in late summer time 2022 concentrating on a minimum of two extreme-profile army contractor corporations,” Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in an analysis.

Infection chains start with a phishing email carrying a ZIP archive attachment. The archive contains a shortcut file that claims to be a PDF document about “Agency & Advantages,” which is then used to retrieve a stager — an initial binary that is used to download the desired malware — from a remote server.
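A mail-gateway-style check for the delivery stage described above, as an added example that is not from the Securonix analysis or the original article: it inspects a ZIP attachment in memory and flags shortcut entries by extension and by the Shell Link header, so a shortcut renamed to look like a document is also caught. The function names, the decoy extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK), 20 bytes in total.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DECOY_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png")


def find_shortcuts(zip_bytes):
    """Return a list of (entry_name, reasons) for shortcut files in a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            head = b""
            if not info.flag_bits & 0x1:  # encrypted entries need a password
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            reasons = []
            if name.endswith(".lnk"):
                reasons.append("lnk-extension")
                # Explorer hides ".lnk", so "x.pdf.lnk" is displayed as "x.pdf".
                if name[:-4].endswith(DECOY_EXTS):
                    reasons.append("decoy-document-extension")
            if head == LNK_MAGIC:
                reasons.append("lnk-header")
                if not name.endswith(".lnk"):
                    reasons.append("extension-mismatch")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed sample archive: one decoy-named shortcut, one benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample_document.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.txt", b"constructed benign content")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in find_shortcuts(build_sample()):
        print(entry, why)
```
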

This PowerShell stager sets the stage for a “strong chain of stagers” that progresses through seven more steps, after which the final PowerShell script executes a remote payload “header.png” hosted on a server named “terma[.]app.”

“Whereas we have been in a position to acquire and analyze the header.png file, we weren’t in a position to decode it as we think the campaign was accomplished and our concept is that the file was changed so as to cease further evaluation,” the researchers explained.

“Our attempts to decode the payload would solely produce garbage knowledge.”

What’s notable about the modus operandi is the incorporation of obfuscated code designed to thwart analysis, together with scanning for the presence of debugging software and halting execution if the system language is set to …….

Source: https://thehackernews.com/2022/09/researchers-uncover-covert-attack.html