Exploit in Windows function: widespread infostealer all over the world

The infamous Russian hacking group known as APT28 is abusing a Windows function to spread infostealers and other malicious agents around the world.

The cybercriminals’ modus operandi was discovered by experts from IBM’s X-Force team. The hackers apparently pose as government organizations and NGOs, sending emails containing PDFs complete with links to hacked websites.

These, in turn, abuse the handler for the search-ms: URI protocol, and the search: protocol as well, with devastating results for the victim. In fact, cybercriminals can start a procedure that lets them carry out searches on the victims’ devices, thus “simulating” the Windows Search app.
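The abuse described above works because a search-ms: link can tell Windows Search where to look, and that location can be a remote share rather than a local folder. The following added example (not part of the original article or of X-Force’s research) parses search-ms: and search: URIs the way a defender might when triaging links extracted from PDFs or proxy logs, and flags those whose location crumb points at a remote (UNC or WebDAV) path. The sample links and the host names in them are constructed for the example; the crumb=location syntax is the documented form of the search-ms protocol.

```python
import re
from urllib.parse import unquote

# Constructed sample links, as they might be extracted from a PDF or a web proxy log.
# Hostnames use the reserved .invalid TLD; they are not real indicators.
SAMPLE_LINKS = [
    "https://example.invalid/docs/report.pdf",
    # Remote search: crumb points at a WebDAV share (the @SSL/DavWWWRoot UNC form).
    "search-ms:query=report&crumb=location:%5C%5Cfiles.example.invalid%40SSL"
    "%5CDavWWWRoot%5Cshare&displayname=Downloads",
    # Local search: crumb points at a folder on the C: drive.
    "search-ms:query=*.docx&crumb=location:C%3A%5CUsers%5Cme%5CDocuments&displayname=Documents",
    # search: scheme with no location crumb at all.
    "search:query=invoice",
]


def parse_search_uri(uri):
    """Return {'scheme', 'query', 'crumbs'} for a search-ms:/search: URI, else None."""
    scheme, sep, rest = uri.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in ("search-ms", "search"):
        return None
    query = None
    crumbs = []
    # Parameters are &-separated key=value pairs; values are percent-encoded.
    for part in rest.split("&"):
        key, _, value = part.partition("=")
        value = unquote(value)
        if key.lower() == "crumb":
            crumbs.append(value)
        elif key.lower() == "query":
            query = value
    return {"scheme": scheme, "query": query, "crumbs": crumbs}


def is_remote_location(location):
    """True for UNC paths (\\\\host\\share, also the WebDAV @SSL form) and URL-style paths."""
    return (
        location.startswith("\\\\")
        or location.startswith("//")
        or re.match(r"(?i)^https?://", location) is not None
    )


def remote_locations(parsed):
    """Extract the target of every location: crumb that resolves to a remote path."""
    found = []
    for crumb in parsed["crumbs"]:
        if crumb.lower().startswith("location:"):
            location = crumb[len("location:"):]
            if is_remote_location(location):
                found.append(location)
    return found


def classify(uri):
    """'not-search', 'local-search', or 'remote-search' (the case worth alerting on)."""
    parsed = parse_search_uri(uri)
    if parsed is None:
        return "not-search"
    return "remote-search" if remote_locations(parsed) else "local-search"


def flag_links(links):
    """Return the subset of links that would make Windows Search list files from a remote host."""
    return [link for link in links if classify(link) == "remote-search"]


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):14s} {link}")
```

A link that classifies as remote-search deserves the same scrutiny as a direct download: the files it surfaces live on whatever host the attacker chose, and they only look local because the Explorer search window renders them. Note that the parser treats a missing location crumb as local, since Windows then searches the default index rather than a remote share.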

The campaign appears to have been active from last February until February 2024, affecting various territories, from Europe to North and South America, as well as Central Asia.

APT28 and the Windows Function Exploit: Three Malware Concerns

According to the experts who identified the infostealers, the actual malware is hosted on a WebDAV server which, most likely, runs on compromised Ubiquiti routers.

The malicious agents are names well known to cybersecurity experts: Masepie, OceanMap and Steelhook. These are malware designed to exfiltrate files and execute arbitrary commands, as well as steal data from victims’ browsers.

The APT28 collective is a well-known name in the field, given the number and effectiveness of its attacks. Last December, for example, the Russian hackers organized a campaign that targeted Outlook, reading several emails received by users.

Among the targets of cybercriminals, Windows is a common name. In fact, several years ago hackers had already targeted laptops running the Microsoft operating system.
