Threat actors are delivering malware through weaponized attachments in phishing emails, primarily targeting the defense sector in Russia and Belarus. Reports from Cyble and Seqrite Labs indicate that the campaign establishes a persistent backdoor on compromised hosts. The backdoor combines OpenSSH with a customized Tor hidden service that uses the obfs4 pluggable transport to disguise its Tor traffic, improving stealth and anonymity.
This tactic not only targets sensitive defense-related information but also illustrates the growing sophistication of the cyber threats nations face. Exposing the backdoor as a Tor hidden service is a calculated way to avoid detection and keep access to breached systems: the operator reaches the host over the Tor network rather than through a directly exposed port or a fixed command-and-control address that defenders could block. Affected sectors need stronger security measures to mitigate such attack vectors and protect critical data against persistent threats.
👉 Read the original: The Hacker News