New ‘Bad Magic’ Cyber Threat Disrupts Ukraine’s Key Sectors Amid Warfare

Mar 21, 2023 | Ravie Lakshmanan | Cyber Warfare / Cyber Threat


Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been targeted as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic.

“Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods,” Kaspersky said in a new report.

The Russian cybersecurity company, which detected the attacks in October 2022, is tracking the activity cluster under the name “Bad Magic.”

Attack chains involve booby-trapped URLs pointing to a ZIP archive hosted on a malicious web server. The archive contains a decoy document and a malicious LNK file that, when opened, culminates in the deployment of a backdoor named PowerMagic.

Written in PowerShell, PowerMagic establishes contact with a remote server and executes arbitrary commands, the results of which are exfiltrated to cloud services such as Dropbox and Microsoft OneDrive.
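The delivery stage described above (a ZIP archive carrying a decoy document next to an LNK file) is something a mail gateway or analyst can check for without executing anything. The following is an added triage script, not code from Kaspersky's report or from the campaign itself: it inspects every member of an archive, identifies Windows shell links by their fixed header bytes rather than by extension, and flags the decoy-plus-LNK pairing. The archive contents are constructed here for illustration; the `build_sample_archive` and `triage_zip` names are this example's own.

```python
import io
import zipfile
from dataclasses import dataclass, field

# A Windows Shell Link (.lnk) starts with HeaderSize 0x0000004C followed by
# the LinkCLSID {00021401-0000-0000-C000-000000000046} (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4C000000" "0114020000000000" "C000000000000046")
DOC_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf", ".odt"}


@dataclass
class TriageResult:
    lnk_members: list = field(default_factory=list)    # members whose bytes are a shell link
    decoy_members: list = field(default_factory=list)  # document-looking members beside them
    disguised: list = field(default_factory=list)      # shell links without a .lnk extension

    @property
    def suspicious(self) -> bool:
        return bool(self.lnk_members)

    @property
    def decoy_plus_lnk(self) -> bool:
        """The pairing the report describes: a decoy document next to an LNK."""
        return bool(self.lnk_members and self.decoy_members)


def is_lnk(head: bytes) -> bool:
    return head.startswith(LNK_MAGIC)


def extension(name: str) -> str:
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def triage_zip(zip_bytes: bytes) -> TriageResult:
    result = TriageResult()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(len(LNK_MAGIC))  # only the header is needed
            ext = extension(info.filename)
            if is_lnk(head):
                result.lnk_members.append(info.filename)
                if ext != ".lnk":
                    result.disguised.append(info.filename)
            elif ext in DOC_EXTENSIONS:
                result.decoy_members.append(info.filename)
    return result


def _zip_of(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_archive() -> bytes:
    """Constructed stand-in for the delivery archive: decoy document + LNK header."""
    return _zip_of({
        "Report.docx": b"constructed decoy document bytes",
        "Report.lnk": LNK_MAGIC + b"\x00" * 56,  # header only; no target, no arguments
    })


def build_benign_archive() -> bytes:
    """Constructed archive with no shell links, for the negative case."""
    return _zip_of({"notes.txt": b"plain text", "data.csv": b"a,b\n1,2\n"})


if __name__ == "__main__":
    r = triage_zip(build_sample_archive())
    print("suspicious:", r.suspicious, "lnk:", r.lnk_members, "decoys:", r.decoy_members)
```

Matching on the header bytes rather than the file name matters because an attacker controls the extension shown in the archive; the `disguised` list catches a shell link renamed to look like a document.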


PowerMagic also serves as a conduit to deliver the CommonMagic framework, a set of executable modules designed to carry out specific tasks such as interacting with the command-and-control (C2) server, encrypting and decrypting C2 traffic, and executing plugins.
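Because the backdoor's results travel over legitimate cloud services, network blocking alone is a poor fit; the more useful signal is which process opens the connection. The following is an added detection example, not part of the report: it runs over constructed process-network telemetry lines and aggregates connections from script hosts such as powershell.exe to cloud-storage endpoints, per host and destination. The endpoint hostnames (`api.dropboxapi.com`, `content.dropboxapi.com`, `graph.microsoft.com`, `onedrive.live.com`) and the log format are this example's assumptions; the report names only the services.

```python
import re

# Assumed API hosts behind the services the report names (Dropbox, Microsoft
# OneDrive). Adjust to what your proxy or EDR actually records.
CLOUD_STORAGE_HOSTS = {
    "api.dropboxapi.com", "content.dropboxapi.com",
    "graph.microsoft.com", "onedrive.live.com",
}
# Script hosts that rarely have a business reason to talk to consumer storage.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample telemetry (not from the report): one outbound connection per line.
SAMPLE_LOG = r"""
2022-10-12T09:14:03Z host=WS-17 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent=explorer.exe dst=api.dropboxapi.com:443
2022-10-12T09:14:07Z host=WS-17 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent=explorer.exe dst=content.dropboxapi.com:443
2022-10-12T09:14:09Z host=WS-17 image=C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe parent=explorer.exe dst=api.dropboxapi.com:443
2022-10-12T09:14:30Z host=WS-22 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent=services.exe dst=wsus.corp.example:8530
2022-10-12T09:15:01Z host=WS-17 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent=explorer.exe dst=api.dropboxapi.com:443
""".strip().splitlines()


def parse_event(line: str) -> dict:
    """Split one 'timestamp key=value ...' line into normalized fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    return {
        "ts": ts,
        "host": fields["host"],
        "image": fields["image"].rsplit("\\", 1)[-1].lower(),   # basename of the process
        "parent": fields.get("parent", "").lower(),
        "dst": fields["dst"].rsplit(":", 1)[0].lower(),         # drop the port
    }


def detect(lines) -> list:
    """Aggregate script-host -> cloud-storage connections per (host, image, dst)."""
    hits = {}
    for line in lines:
        ev = parse_event(line)
        if ev["image"] not in SCRIPT_HOSTS or ev["dst"] not in CLOUD_STORAGE_HOSTS:
            continue  # browsers and sync clients talking to Dropbox are normal
        key = (ev["host"], ev["image"], ev["dst"])
        alert = hits.setdefault(key, {
            "host": ev["host"], "image": ev["image"], "dst": ev["dst"],
            "parent": ev["parent"], "count": 0, "first": ev["ts"], "last": ev["ts"],
        })
        alert["count"] += 1
        alert["last"] = ev["ts"]
    return sorted(hits.values(), key=lambda a: (-a["count"], a["host"], a["dst"]))


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f'{a["host"]} {a["image"]} (parent {a["parent"]}) -> {a["dst"]} '
              f'x{a["count"]} between {a["first"]} and {a["last"]}')
```

The chrome.exe connection and the PowerShell call to an internal update server are both ignored, which is the point: the rule keys on the combination of an unusual initiating process and a storage endpoint, not on either alone.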

Two of the plugins discovered so far include capabilities to capture screenshots every three seconds and gather files of interest from connected USB devices.

Kaspersky said it found no evidence linking the operation and its tooling to any known threat actor or group.
