JAKARTA - Kaspersky has detected a series of sophisticated attacks in which the malware retrieves its next stage from legitimate services such as GitHub, Microsoft Learn Challenge, Quora, and social networks.

The attacks were first detected in the second half of 2024 at organizations in China, Japan, Malaysia, Peru, and Russia, and have continued into 2025. Most of the victims are medium-sized to large companies.

To get onto the victim's device, the attackers sent phishing emails disguised as legitimate correspondence from large state-owned companies, particularly in the oil and gas sector.

The email text is written to suggest interest in the recipient organization's products and services, so that the recipient is persuaded to open the malicious attachment: a PDF that carries the malware.

The attackers used a DLL hijacking technique, abusing a legitimate crash-report sending utility (a tool originally built to give developers detailed, real-time crash reports for their applications) so that the legitimate, trusted executable loads the malicious DLL.

To operate, the malware also downloads code stored in public profiles on popular, legitimate platforms; because the traffic goes to trusted sites, it is less likely to be noticed.

Kaspersky found this code, in encrypted form, in profiles on GitHub, Microsoft Learn Challenge, the question-and-answer site Quora, and even a Russian social media platform. All of these profiles and pages were created specifically for this attack.

Once the malicious code ran on the victim's machine, Cobalt Strike was launched and the system was fully compromised.
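The chain above is a classic dead-drop resolver: a signed, trusted utility is tricked into running attacker code, which then fetches its next stage from throwaway profile pages on sites defenders rarely block. One practical hunt is to look for profile-page requests coming from processes that are not browsers. The script below is an added example written for this page, not Kaspersky's or the attackers' tooling. The log schema, the hostnames and profile-URL shapes, the browser list, and the process name crashreport_util.exe are all assumptions constructed for the example; map them onto your own EDR or proxy export.

```python
"""Hunt for dead-drop-resolver traffic in per-process web-request logs.

Added example for this article, not Kaspersky's code. The log format,
hostnames, URL patterns and process names below are constructed assumptions.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Bare profile pages on the platforms the article names. Hostnames and path
# shapes are assumptions for this example (a repo page, for instance, is not a profile).
DEAD_DROP_PROFILES = {
    "github.com": re.compile(r"^/[A-Za-z0-9-]+/?$"),
    "learn.microsoft.com": re.compile(r"^/(?:[a-z]{2}-[a-z]{2}/)?users/[^/]+/?$"),
    "www.quora.com": re.compile(r"^/profile/[^/]+/?$"),
}

# Processes for which a person browsing a profile page is expected behaviour.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Constructed schema: one outbound web request per line, with the requesting image.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+pid=(?P<pid>\d+)\s+image=(?P<image>.+?)\s+url=(?P<url>\S+)$"
)

# Constructed sample data. crashreport_util.exe is a hypothetical stand-in for the
# legitimate crash-reporting utility the article says was abused via DLL hijacking.
SAMPLE_LOG = [
    "2025-01-15T09:12:03Z host=WS-0412 pid=4120 image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe url=https://github.com/octocat",
    "2025-01-15T09:12:41Z host=WS-0412 pid=5588 image=C:\\Users\\alice\\AppData\\Local\\Temp\\crashreport_util.exe url=https://github.com/drop-user-7731",
    "2025-01-15T09:12:42Z host=WS-0412 pid=5588 image=C:\\Users\\alice\\AppData\\Local\\Temp\\crashreport_util.exe url=https://learn.microsoft.com/en-us/users/drop-user-7731/",
    "2025-01-15T09:12:44Z host=WS-0412 pid=5588 image=C:\\Users\\alice\\AppData\\Local\\Temp\\crashreport_util.exe url=https://www.quora.com/profile/Drop-User-7731",
    "2025-01-15T09:13:10Z host=WS-0412 pid=6012 image=C:\\Program Files\\Git\\cmd\\git.exe url=https://github.com/octocat/Hello-World",
    "2025-01-15T09:13:30Z host=WS-0412 pid=1320 image=C:\\Windows\\System32\\svchost.exe url=https://www.quora.com/",
    "this line is not in the expected format",
]


def parse_line(line):
    """Parse one log line into a dict; return None for lines outside the schema."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["image"] = rec["image"].rsplit("\\", 1)[-1].lower()  # keep only the file name
    return rec


def is_dead_drop_fetch(rec):
    """True when a non-browser process requests a bare profile page on a listed platform."""
    u = urlparse(rec["url"])
    pattern = DEAD_DROP_PROFILES.get(u.netloc.lower())
    if pattern is None or rec["image"] in BROWSERS:
        return False
    return pattern.match(u.path) is not None


def hunt(lines):
    """Return the parsed records that match the dead-drop heuristic."""
    return [rec for rec in map(parse_line, lines) if rec and is_dead_drop_fetch(rec)]


def resolver_candidates(hits, min_platforms=2):
    """Group hits by (host, pid). One process touching profiles on several platforms
    matches the multi-site fetching the article describes and is worth triage first."""
    seen = defaultdict(set)
    for rec in hits:
        seen[(rec["host"], rec["pid"])].add(urlparse(rec["url"]).netloc.lower())
    return {key: sorted(sites) for key, sites in seen.items() if len(sites) >= min_platforms}


if __name__ == "__main__":
    hits = hunt(SAMPLE_LOG)
    for rec in hits:
        print(f"{rec['ts']} {rec['host']} pid={rec['pid']} {rec['image']} -> {rec['url']}")
    for (host, pid), sites in resolver_candidates(hits).items():
        print(f"candidate resolver: {host} pid={pid} touched {', '.join(sites)}")
```

The point of keying on the process rather than the destination is that the destinations are legitimate and cannot simply be blocked, and the process is a genuinely signed utility, so allowlisting by signer does not help either. The behavioural signal is the combination: a non-browser image, often running from a user-writable path, fetching bare profile pages on more than one of these platforms within seconds. Tune the browser list and URL patterns to your environment before relying on the result.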

"While we found no evidence that the attackers used real social media profiles, because all the accounts were created specifically for this attack, nothing stops threat actors from abusing the various mechanisms available on these platforms," said Maxim Starodubov, Head of the Malware Analyst Team at Kaspersky.

He also emphasized the importance of keeping up with the latest threat intelligence in order to stay protected against attacks of this kind.


The English, Chinese, Japanese, Arabic, and French versions are generated automatically by AI, so there may be inaccuracies in the translation; please treat the Indonesian version as the authoritative one. (System supported by DigitalSiber.id)
