
MOSCOW, March 21. Kaspersky Lab has discovered previously unknown malware called CommonMagic, which was used by cybercriminals to attack Donbass and Crimea, RBC writes, citing company sources.
According to the newspaper, the cyber-espionage campaign targeting government, agricultural and transport organizations in the LPR, DPR and Crimea has been going on since 2021.
"It uses previously unknown malware, called CommonMagic by cybersecurity specialists," the message says.
It is clarified that hackers using this program first send targeted phishing emails, which reach the victims on behalf of state organizations. When the victim clicks on the link, a ZIP archive starts downloading from a malicious web server. The archive contains two files: the first is a harmless decoy document (in PDF, XLSX or DOCX format), and the second is a malicious LNK file with a double extension.
According to the publication, when the victim downloads the archive and clicks on the shortcut, the PowerMagic backdoor is installed on the device. It receives commands from a remote folder located in a public cloud, executes them, and then uploads the results of executing the files back to the cloud. PowerMagic infiltrates the system and stays there even after the device is rebooted.
Leonid Bezvershenko, a representative of Kaspersky Lab, added in an interview with the newspaper that it is the use of cloud storage as a command-and-control infrastructure that is noteworthy here. The publication's source stressed that the company will continue to investigate this threat.
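The archive layout described above (a decoy document next to an LNK shortcut with a double extension) can be checked at a mail gateway or during triage. The following is an added example, not code from Kaspersky Lab or RBC; the function names, the sample file names, and the choice to treat the decoy formats as the shortcut's inner extension are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Decoy formats named in the article. Treating the same set as the "inner"
# extension of the double-extension shortcut is an assumption of this example.
DOC_EXTS = {".pdf", ".xlsx", ".docx"}


def build_sample_zip(names):
    """Constructed sample: an in-memory ZIP of empty placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()


def triage_zip(data):
    """Flag archives that contain a shortcut disguised as a document."""
    findings = {"double_ext_lnk": [], "decoys": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise Windows separators, then compare extensions case-insensitively.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes:
                continue
            if suffixes[-1] == ".lnk":
                # Explorer hides ".lnk", so "order.pdf.lnk" displays as "order.pdf".
                if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS:
                    findings["double_ext_lnk"].append(info.filename)
            elif suffixes[-1] in DOC_EXTS:
                findings["decoys"].append(info.filename)
    findings["suspicious"] = bool(findings["double_ext_lnk"])
    return findings


if __name__ == "__main__":
    sample = build_sample_zip(["order.pdf", "order.pdf.lnk"])  # constructed names
    print(triage_zip(sample))
```

A plain shortcut without a document-style inner extension is not flagged by this check, so it complements rather than replaces a general policy on LNK files inside downloaded archives.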

