Targeted Phishing Attack against Ukraine Government Expands to Georgia
released on 2021-07-15 @ 08:30:56 AM
The main payload delivered by the malware is an infostealer written in AutoIt. Its main goal is to steal files from the victim's machine and upload them to a predefined command-and-control (C2) server. Based on the victimology and the fact that this attack tries to steal files from government entities, a classic goal of nation-state groups, it is likely operated by a Russian nation-state actor. There are also several similarities between this attack and past APT28 campaigns.