An Advanced Persistent Threat (APT) known as CommonMagic has been observed targeting administrative organizations in conflict zones in Russia and Ukraine.
According to an advisory issued today by Kaspersky, CommonMagic has been active since at least September 2021, with the group attacking administration, agriculture and transportation organizations in Donetsk, Luhansk and Crimea.
“While the initial vector of compromise is unknown, details of subsequent stages suggest the use of spear phishing or similar methods,” read the technical article. “The victim navigated to a URL pointing to a ZIP archive hosted on a malicious web server. The archive contained two files.”
The first of these files is a decoy document (a PDF, XLSX or DOC file) and the second is a malicious LNK (Windows shortcut) file with a double extension (e.g. .pdf.lnk) that triggers the infection when opened.
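The decoy-plus-shortcut packaging described above is simple to triage on the defensive side. The following Python script is an added example, not code from Kaspersky's advisory: it opens a ZIP archive, flags any member whose name hides a .lnk behind a document extension, confirms shortcuts by their fixed Shell Link header bytes (0x4C header size followed by the 00021401-0000-0000-C000-000000000046 CLSID) rather than trusting the file name, and reports archives that pair a decoy document with a shortcut. The sample archive is constructed in the script and is not a real lure; all function names are the example's own.

```python
import io
import zipfile
from dataclasses import dataclass
from typing import List

# Document extensions that a shortcut may be disguised with (e.g. "notice.pdf.lnk").
DOCUMENT_EXTENSIONS = (".pdf", ".xlsx", ".xls", ".doc", ".docx")

# Fixed 20-byte prefix of every Windows Shell Link (.lnk) file:
# HeaderSize = 0x0000004C, then the LinkCLSID 00021401-0000-0000-C000-000000000046.
SHELL_LINK_HEADER = bytes.fromhex("4c0000000114020000000000c000000000000046")


@dataclass
class Finding:
    member: str
    reason: str


def has_document_extension(name: str) -> bool:
    return name.lower().endswith(DOCUMENT_EXTENSIONS)


def disguised_lnk_name(name: str) -> bool:
    """True for names like 'report.pdf.lnk': a shortcut wearing a document extension."""
    lower = name.lower()
    if not lower.endswith(".lnk"):
        return False
    return has_document_extension(lower[: -len(".lnk")])


def is_shell_link(data: bytes) -> bool:
    """Identify a shortcut by content, so a renamed .lnk is still caught."""
    return data[: len(SHELL_LINK_HEADER)] == SHELL_LINK_HEADER


def triage_archive(archive_bytes: bytes) -> List[Finding]:
    """Return findings for the decoy-document-plus-shortcut lure pattern."""
    findings: List[Finding] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        members = [info for info in zf.infolist() if not info.is_dir()]
        shortcut_members = []
        document_members = []
        for info in members:
            head = zf.open(info).read(len(SHELL_LINK_HEADER))
            by_content = is_shell_link(head)
            if disguised_lnk_name(info.filename):
                findings.append(Finding(info.filename, "shortcut disguised with a document extension"))
            if by_content and not info.filename.lower().endswith(".lnk"):
                findings.append(Finding(info.filename, "shell link content with a non-.lnk name"))
            if by_content or info.filename.lower().endswith(".lnk"):
                shortcut_members.append(info.filename)
            elif has_document_extension(info.filename):
                document_members.append(info.filename)
    if shortcut_members and document_members:
        findings.append(Finding("<archive>", "decoy document packaged together with a shortcut"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real lure): a decoy PDF beside a double-extension LNK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.pdf", b"%PDF-1.4 constructed decoy content")
        zf.writestr("notice.pdf.lnk", SHELL_LINK_HEADER + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_archive(build_sample_archive()):
        print(f"{finding.member}: {finding.reason}")
```

Running the script against the constructed archive reports the disguised name and the decoy-plus-shortcut pairing; the content check matters because an attachment filter keyed only on the ".lnk" suffix misses a shortcut that has been renamed entirely.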
Kaspersky explained that the threat actor used a PowerShell-based backdoor called PowerMagic and a new malicious framework called CommonMagic after the group name to carry out the attack.
“The backdoor receives commands from remote folders located on public cloud storage services, executes commands sent by the server, and uploads the execution results to the cloud,” writes Kaspersky. “PowerMagic sets itself up in the system to be permanently launched when the infected device boots.”
Regarding CommonMagic, the security researchers explained that the framework consists of multiple modules. Each module is an executable file launched in a separate process, and the modules can communicate with one another.
“This framework can steal files from USB devices, take screenshots every 3 seconds, and send them to the attacker,” the advisory reads.
Kaspersky security researcher Leonid Bezvershenko commented on the findings, saying that while the malware and techniques used in the CommonMagic campaign were not particularly sophisticated, the use of public cloud storage as command and control (C2) infrastructure was notable.
“We hope to continue our research and share more insights about this campaign.”