The attack used a disguised ZIP file labeled as a Belarusian military document to lure Special Operations Command personnel, combining social engineering with advanced technical countermeasures. The malware employs OpenSSH on Windows and a customized Tor service for anonymous access to various protocols on infected systems.
Cyble analysts confirmed the backdoor’s functionality through SSH connectivity, though no secondary payloads were noted at the time. Attribution points to a Russian-linked group, UAC-0125/Sandworm, known for targeting military and infrastructure. The attack chain displays sophisticated evasion tactics, including nested ZIP files and decoy files to bypass detection systems. This level of complexity reflects Sandworm’s continued refinement and adaptation of proven attack methodologies.
👉 Read the original: Cyber Security News