New DownEx malware campaign targets Central Asia

According to a report from Bitdefender, a previously undocumented malware campaign called DownEx has been observed actively targeting government institutions in Central Asia for cyberespionage.

The first instance of the malware was detected in 2022 in a highly targeted attack aimed at exfiltrating data from foreign government institutions in Kazakhstan. Researchers observed another attack in Afghanistan.

“The domain and IP addresses involved do not appear in any previously documented incidents, and the malware does not share any code similarities with previously known malware,” Bitdefender said in its investigation.

Researchers say the attack highlights the sophistication of a modern cyber attack. “Cybercriminals are finding new methods to make their attacks more reliable,” the research said.

Based on the specific targets of the attacks, the document’s metadata impersonating a real diplomat, and the primary focus on exfiltrating data, researchers believe a state-sponsored group is responsible for these incidents. While the attacks have not been attributed to any specific threat actor, it is likely that a Russian group is responsible for the attacks.

“One clue pointing to the origin of the attack is the use of a cracked version of Microsoft Office 2016 popular in Russian-speaking countries (known as ‘SPecialisST RePack’ or ‘Russian RePack by SPecialisT’),” Bitdefender said in its report, adding that it is also unusual to see the same backdoor written in two languages. This practice was previously observed with the APT28 group (based in Russia) and its Zebrocy backdoor.

Copyright © 2023 IDG Communications, Inc.

A new cyberattack known as the DownEx malware campaign is targeting Central Asian countries like Armenia, Azerbaijan, Kazakhstan and Kyrgyzstan. The malicious code has been used to harvest data from infected computers and is currently on the rise in the region.

Ikaroa, a full-stack tech company, has been monitoring this malware campaign and has uncovered evidence that it may have been created by a professional hacking group. The malware is designed to extract sensitive information from computer systems and then exfiltrate it to remote networks, allowing criminals access to passwords, account information and even financial records.

The insidious nature of the DownEx campaign allows the attackers to launch multiple attacks within a single day and increase the likelihood of successful breaches. Furthermore, the malware is able to evade most anti-virus and anti-malware protections, making it even harder to detect.

Ikaroa is encouraging all organizations and individuals in the region to make sure they have the latest security patches and up-to-date anti-virus and anti-malware software to protect themselves against the DownEx attack. Additionally, organizations should consider the use of encryption and other mechanisms to secure their network and server infrastructure.

Finally, it is important to remember that the best way to protect yourself from threats like the DownEx malware campaign is to stay informed and remain vigilant. Organizations should always be aware of the latest threats and ensure that their IT teams are up-to-date on the latest techniques for combating malicious software.
