Threat Actor Delivers Highly Targeted Multistage Polyglot Malware


In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano.

Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have not been observed enough to receive a numerical TA designation. Delivery and infection chain analysis In late October 2024, UNK_CraftyCamel actors leveraged access to a compromised email account belonging to the Indian electronics company INDIC Electronics to send malicious email messages. The emails contained URLs pointing to the actor-controlled domain indicelectronics[.]net, which mimics the legitimate INDIC electronics domain.

Read more…
Source: Proofpoint


Sign up for our Newsletter


Related:

  • Hackers Compromise Cisco Servers Via SaltStack Flaws

    May 28, 2020

    Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which are used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that is running the vulnerable salt-master service. The first is Cisco Modeling Labs Corporate Edition (CML), ...

  • ‘[F]Unicorn’ Ransomware Impersonates Legit COVID-19 Contact-Tracing App

    May 27, 2020

    A fresh ransomware strain known as “Unicorn” has emerged, first seen this week targeting users by pretending to be an official government COVID-19 contact tracing app. According to an advisory from the Computer Emergency Response Team (CERT) from the Agency for Digital Italy (AgID), the malware family is taking advantage of the rollout of “Immuni” – ...

  • Spam and phishing in Q1 2020

    May 26, 2020

    Burning Man is one of the most eagerly awaited events among fans of spectacular performance and installation art. The main obstacle to attending is the price of admission: a standard ticket will set you back $475, the number is limited, and the buying process is a challenge all by itself (there are several stages, registration ...

  • Forward-looking security analysis of smart factories [Part 2] Security risks of industrial application stores

    May 26, 2020

    On May 11, 2020, Trend Micro released a paper showing the results of proof-of-concept research on new security risks associated with smart factories. In this series of 5 columns, based on the results of this research, we will look at the security risks to be aware of when promoting smart factories by examining overlooked attack ...

  • Factory Security Problems from an IT Perspective (Part 2): People, processes, and technology

    May 26, 2020

    This article is the second in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. Before beginning to consider countermeasures, in the first article we explained the source of the challenges while focusing on the differences ...

  • Turla APT Revamps One of Its Go-To Spy Tools

    May 26, 2020

    The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros), is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier, according to previous research from Kaspersky. “It is a ...