
JAKARTA - In March 2023, Kaspersky researchers discovered a new APT campaign in the Russia-Ukraine conflict region, called CommonMagic. Active since September 2021, CommonMagic has used previously unidentified malware to collect data from targeted entities.

Although the threat actors responsible for the attack remained unknown at the time, Kaspersky experts have resumed their investigation and traced unknown activity back to a forgotten campaign to gather further information.

Kaspersky's research identified at least 9 modules in this framework, each of which was responsible for different malicious activities such as collecting files, keylogging, capturing screenshots, recording microphone inputs, and stealing passwords.

In particular, Kaspersky revealed that one of the modules targets data from Gmail accounts. By extracting Gmail cookies from the browser database, this module can access and exfiltrate activity logs, contact lists, and all email messages related to the targeted account.

The researchers also revealed that the distribution of victims in this campaign is widening. While previous key targets were located in the Donetsk, Luhansk, and Crimea regions, its coverage has now expanded to include individuals, diplomatic entities, and research organizations in Western and Central Ukraine.

Based on these findings, Kaspersky experts have concluded that malicious campaigns such as Prikormka, Operation Groundbait, Operation BugDrop, CommonMagic, and CloudWizard can all be linked to the same active threat actor.

The threat actors responsible for this operation have demonstrated a persistent and sustainable commitment to cyber espionage by continuing to improve their devices and targeting critical organizations for more than fifteen years, said Kaspersky's Global Research and Analysis Team (GReAT).

Kaspersky also added that geopolitical factors continue to be a significant motivator for APT attacks and, given the tensions that exist in the Russia-Ukraine conflict area.

"We anticipate that this actor will survive with his operations in the future," he added.

