Many of you might be aware that a Lion Air 737 Max crashed shortly after takeoff in late October. All passengers and crew on board perished in this crash. Palo Alto Networks, a security firm, has sent out a new warning about APT 28. It’s an elite Russian hacking group that apparently used this plane crash as phishing bait. It’s one of the groups that were tied to the election interference in the 2016 U.S. elections.
Researchers say that this attack relies on one weaponized document which pulls in malicious code through an email-based channel from its command center. The researchers were able to obtain samples of malicious macro-code which runs commands and malware payloads because the command and control service was left online.
The hacking group sent this document, titled “crash list(Lion Air Boeing 737).docx,” to many targets in North America, Europe, and in a former Soviet state. It was clearly designed to capture the attention of those who were interested in knowing more about the deadly plane crash.
Zebrocy was identified by Palo Alto Networks as the first malware used in this attack. The group is known to have used it in the past as well against diplomatic targets. However, this is the first time that the group has been observed using the stage two malware that also uses the email-based C2 channel to link up with the attackers.
Filed in . Read more about Hacking.