Aside from spearheading Reveton, the first-ever ransomware-as-a-service operation, in 2011 along with co-conspirators who were also charged in the U.S., Silnikau led the Angler exploit kit, which had been leveraged in malvertising campaigns against U.S.-based firms.
Attacks commenced with the delivery of malicious emails purportedly from the SSU that requested the submission of certain required documents and included hyperlinks to a Documents.zip archive, which when opened launched an MSI file that facilitated malware installation.
Malvertising that abuses Google search results has been leveraged to lure victims into downloading fraudulent software installers posing as a YouTube downloader, Roblox FPS Unlocker, and the VLC video player.
Intrusions commenced with the delivery of phishing emails carrying RAR archives that deployed a backdoor, which in turn facilitated the injection of the APT31-linked GrewApacha trojan as well as a new version of the CloudSorcerer malware that is packed with VMProtect to hinder detection.
Malicious apps spoofing Alipay or an Android system service have been used to distribute LianSpy, which on execution either uses admin privileges, where available, to ensure it keeps operating in the background or requests several permissions to gain extensive device access.
Attackers commenced the operation with the deployment of a dropper that could evade the protections in Android 13 and newer devices before displaying a fraudulent CRM login page requesting an employee ID, which once submitted facilitated the installation of Chameleon.