Operation SkyCloak Uses PowerShell Tools

Source: Cyber Security News

Operation SkyCloak is a complex, stealth-oriented intrusion campaign targeting the Russian Airborne Forces and Belarusian Special Forces. Infection starts with phishing: official-looking lures, including shortcut files disguised as military documents, lead to the execution of malware that uses PowerShell for persistence and malicious activities.

The malware extracts files into hidden directories and employs sophisticated techniques to evade detection. It registers scheduled tasks for continuous execution even without network connectivity. Additionally, it communicates through Tor hidden services, exposing multiple ports and utilizing obfuscated commands to maintain persistence. The findings demonstrate a concerning trend in targeting military infrastructure, showcasing the evolving sophistication of cyber threats in geopolitical contexts.
