Phishing, Malware, Threat Intelligence

Russia, Moldova subjected to XDSpy phishing campaign


Cyberespionage operation XDSpy has launched phishing attacks aimed at compromising organizations in Russia and Moldova with the DSDownloader malware, according to The Hacker News.

Attackers — who were first discovered by Belarus' Computer Emergency Response Team and subsequently associated by ESET with infostealer attacks against Eastern European government agencies since 2011 — leveraged agreement-spoofing phishing emails to deliver a RAR archive with a malicious DLL, which would execute DSDownloader, a report from Russian Group-IB spinoff F.A.C.C.T. revealed.

DSDownloader would then facilitate next-stage malware downloads while opening a decoy file to evade detection, said F.A.C.C.T. researchers, who noted the eventual disappearance of such a payload. Such findings follow XDSpy's attacks with the UTask dropper against Russian firms during the past 12 months. They also come after Belarusian threat operation GhostWriter, also known as UAC-0057 and UNC1151, was reported by Ukraine's Computer Emergency Response Team to have targeted Ukrainian organizations in phishing attacks deploying the PicassoLoader malware to facilitate Cobalt Strike Beacon compromise.
