The Russian group APT28 has launched a spear-phishing campaign against Ukrainian entities and NATO allies. Its objective is to deploy PRISMEX, a previously undocumented malware family. The malware combines several techniques to evade detection and keep access to compromised systems, another step in the steady evolution of geopolitically motivated targeted threats.
PRISMEX Obfuscation and Persistence Techniques 🕵️
PRISMEX uses steganography to hide its payload inside image files that look ordinary to a viewer and pass casual inspection. For persistence it hijacks Component Object Model (COM) registrations, so that a legitimate process resolving a COM object ends up loading the malware's code without a conspicuous autostart entry. Its command-and-control traffic is routed through legitimate cloud services, where it blends in with normal business traffic; blocking it outright would break legitimate use of those services, and the shared infrastructure complicates forensic attribution.
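The page does not describe which steganographic scheme PRISMEX uses, so the following Python is an added illustration rather than code from the campaign or from any analysis of it. It shows the simplest form of image steganography, least-significant-bit embedding in raw pixel bytes, and one triage check a responder can run on a suspect PNG: looking for bytes appended after the IEND chunk, a cheaper trick that is often mislabelled as steganography. The cover pixels, the payload string, the PNG builder and the appended blob are all constructed for the example.

```python
"""Added example, not PRISMEX code: LSB steganography on raw pixel bytes and a
triage check for data smuggled after a PNG's IEND chunk."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def lsb_embed(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the least-significant bit of each cover byte.

    LSB-plane layout: 4-byte big-endian length, then the payload, MSB first.
    Each cover byte changes by at most 1, so the image still looks normal.
    """
    data = struct.pack(">I", len(payload)) + payload
    if len(data) * 8 > len(cover):
        raise ValueError(f"cover too small: need {len(data) * 8} bytes, have {len(cover)}")
    out = bytearray(cover)
    i = 0
    for byte in data:
        for shift in range(7, -1, -1):
            out[i] = (out[i] & 0xFE) | ((byte >> shift) & 1)
            i += 1
    return bytes(out)


def lsb_extract(stego: bytes) -> bytes:
    """Recover a payload written by lsb_embed; rejects an implausible length."""
    def read(offset: int, n: int) -> bytes:
        buf = bytearray()
        for k in range(n):
            b = 0
            for j in range(8):
                b = (b << 1) | (stego[offset + k * 8 + j] & 1)
            buf.append(b)
        return bytes(buf)

    if len(stego) < 32:
        raise ValueError("carrier too short for a length header")
    (length,) = struct.unpack(">I", read(0, 4))
    if 32 + length * 8 > len(stego):
        raise ValueError("declared payload length exceeds carrier")
    return read(32, length)


def build_png(width: int, height: int, rgb: bytes) -> bytes:
    """Minimal 8-bit RGB PNG encoder (filter type 0); only used to construct
    the sample file below."""
    def chunk(ctype: bytes, data: bytes) -> bytes:
        crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

    row = width * 3
    raw = b"".join(b"\x00" + rgb[y * row:(y + 1) * row] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")


def png_trailing_data(blob: bytes) -> bytes:
    """Walk the chunk list and return whatever follows IEND.

    Decoders stop at IEND, so bytes after it never affect rendering; that
    dead space is a favourite place to append a payload a loader carves out.
    """
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        pos += 8 + length + 4  # header + data + CRC
        if ctype == b"IEND":
            return blob[pos:]
    raise ValueError("truncated PNG: no IEND chunk")


# Constructed sample: a 64x8 RGB gradient as the cover and a stand-in payload.
WIDTH, HEIGHT = 64, 8
COVER = bytes((i * 4) & 0xFF for i in range(WIDTH * HEIGHT * 3))
PAYLOAD = b"stand-in payload, not a real implant"


def demo() -> dict:
    stego_pixels = lsb_embed(COVER, PAYLOAD)
    clean_png = build_png(WIDTH, HEIGHT, stego_pixels)
    tampered_png = clean_png + b"MZ\x90\x00stand-in appended blob"  # constructed
    return {
        "max_pixel_delta": max(abs(a - b) for a, b in zip(COVER, stego_pixels)),
        "recovered": lsb_extract(stego_pixels),
        "clean_trailer": png_trailing_data(clean_png),
        "tampered_trailer": png_trailing_data(tampered_png),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two checks fail in different ways: the appended-blob test is deterministic and cheap, so it belongs in any mail-gateway or EDR image triage, whereas a payload in the LSB plane survives that check entirely and the pixels differ from the original by at most one level. Catching the latter needs the decoded pixel data (Pillow on a real file) and either a known cover to diff against or statistical tests on the LSB plane, which on photographic images produce plenty of false positives.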
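COM hijacking works because the per-user hive (HKCU\Software\Classes) is merged ahead of HKLM when a CLSID is resolved, so a user-writable InprocServer32 override silently wins over the machine-wide registration. The page does not name the CLSID PRISMEX abuses, so the Python below is an added example of the generic hunt rather than anything taken from the campaign: it parses a `reg export` of both hives' CLSID trees and flags user-hive servers that shadow a machine-wide one or live outside trusted directories. The registry export text, its GUIDs and its DLL paths are constructed placeholders.

```python
"""Added example, not PRISMEX code: hunt for COM hijacking by diffing
InprocServer32 registrations in the user hive against the machine hive."""
import re

# HKCU\Software\Classes is consulted before HKLM when HKCR is assembled,
# so a user-writable InprocServer32 value overrides the machine-wide one.
SECTION = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\Classes\\CLSID\\"
    r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\\InprocServer32\]$",
    re.IGNORECASE,
)
DEFAULT_VALUE = re.compile(r'^@="(.*)"$')

# Where an in-process COM server normally lives; anything else in the user
# hive (AppData, Temp, ProgramData, ...) deserves a look.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
SHADOWS_HKLM = "user hive shadows a machine-wide CLSID with a different server"
UNTRUSTED_PATH = "user-hive COM server outside trusted directories"


def parse_reg_export(text: str) -> dict:
    """Return {hive: {CLSID: InprocServer32 default value}} from reg export text."""
    result: dict = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            current = (m.group(1).upper(), m.group(2).upper()) if m else None
            continue
        m = DEFAULT_VALUE.match(line)
        if current and m:
            hive, clsid = current
            # .reg files escape backslashes and quotes with a backslash.
            path = re.sub(r"\\(.)", r"\1", m.group(1))
            result.setdefault(hive, {})[clsid] = path
            current = None
    return result


def _norm(path: str) -> str:
    return path.strip().strip('"').lower()


def find_com_hijacks(hklm: dict, hkcu: dict) -> list:
    """Flag user-hive servers that shadow HKLM or sit in untrusted locations."""
    findings = []
    for clsid, user_path in hkcu.items():
        user = _norm(user_path)
        machine = _norm(hklm[clsid]) if clsid in hklm else None
        if machine is not None and user != machine:
            reason = SHADOWS_HKLM
        elif not user.startswith(TRUSTED_PREFIXES):
            reason = UNTRUSTED_PATH
        else:
            continue
        findings.append({"clsid": clsid, "hkcu": user, "hklm": machine, "reason": reason})
    return findings


def scan_reg_export(text: str) -> list:
    hives = parse_reg_export(text)
    return find_com_hijacks(hives.get("HKEY_LOCAL_MACHINE", {}),
                            hives.get("HKEY_CURRENT_USER", {}))


# Constructed sample export; GUIDs and paths are placeholders, not real CLSIDs.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00000001-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000001-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Roaming\\updater.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000002-0000-0000-0000-000000000002}\InprocServer32]
@="C:\\Program Files\\Vendor\\vendor.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000003-0000-0000-0000-000000000003}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\helper.dll"
"""


if __name__ == "__main__":
    for finding in scan_reg_export(SAMPLE_REG_EXPORT):
        print(finding["clsid"], finding["reason"], finding["hkcu"])
```

On a live host the input comes from `reg export HKLM\Software\Classes\CLSID` and `reg export HKCU\Software\Classes\CLSID`; note that `reg export` writes UTF-16LE, so open the files with `encoding="utf-16"` before passing the text in. The static diff finds what is already planted; to catch the planting itself, alert on Sysmon registry events (IDs 12 and 13) that create or set values under HKCU\Software\Classes\CLSID, which legitimate software rarely touches after installation.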
The APT28 Guys and Their Obsession with Digital Art 🎨
Not content with old-school phishing, they now gift us abstract art. They hide malware in images, like avant-garde digital artists. Their creative use of cloud services demonstrates that even threat actors appreciate the advantages of distributed computing. A notable effort, although one would prefer they channel that inventiveness into legitimate open-source projects.