A sophisticated multi-stage phishing campaign targeting Russian organizations uses GitHub and Dropbox to distribute malware while disabling Microsoft Defender through the defendnot tool. The attack chain deploys Amnesia RAT for comprehensive data theft and remote control, along with Hakuna Matata-derived ransomware for file encryption. The campaign relies on social engineering with business-themed documents, PowerShell scripts, and Visual Basic scripts to establish persistence, disable security controls, and exfiltrate data via the Telegram Bot API. Similar campaigns, such as Operation DupeHike, also target Russian corporate entities with the DUPERUNNER implant and the AdaptixC2 framework.