Monday, June 24, 2024

G20 summit used as bait to deliver malware

Prior to the G20 summit held on Sept. 5 to 6 in Saint Petersburg, Russia, security firm Symantec discovered that attackers leveraged the meeting’s visibility as bait in targeted attacks.

One particular campaign that Symantec identified involved malware that targeted multiple groups, including financial institutions, financial services companies, government organizations, and organizations involved in economic development.

The email that contained the malware

The email purported to be sent on behalf of a G20 representative. Attached to the email was a RAR archive file. The victim would be shown a non-malicious document.

“What is interesting about these documents is that each of them has track changes enabled and contains the reported comments from the UK called out in the original e-mail,” Symantec noted.

The malicious executable that ran in the background was known as Poison Ivy. Symantec detected this executable as Backdoor.Darkmoon.

Backdoor.Darkmoon is a well-known remote access Trojan (RAT) that has been used in various targeted attack campaigns over the years, including the Nitro Attacks, which Symantec reported on in 2011.

