While utilizing the InQuest Lab’s platform, we recently found an exciting attack targeting victims with a malicious document masquerading as a Ukrainian Military payroll document. The attack chain utilizes a remote template and has geofencing capability to only serve and infect victims within the Ukrainian network. This campaign has been attributed to Russia’s Gamaredon APT group.

Gamaredon is an advanced persistent threat (APT) group that has been active since 2013. Their campaigns are generally known for targeting Ukrainian government institutions. From late 2019 to February of this year, researchers published several reports on Gamaredon, tracking the group’s activities. InQuest previously wrote about their activity in the GlowSpark report.

Get in touch to learn how InQuest can stop these threats!

InQuest Email Security Assessment
This month we harvested 1211 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 304 (26%), and Google missed 1095 (90%). The distribution of misses by file type is depicted below:
InQuire for a free, personalized email security assessment!
Latest InQuest™ Blog Posts

Follina, the Latest in a Long Chain of Microsoft Office Exploits

Posted on 2022-06-23 by Pedram Amini

Microsoft Office has been a long favorite delivery mechanism for malicious payloads, from pen-testers to nation-state threat actor groups, and for good reason. Widely adopted. Large attack surface. Robust legacy support. These traits have been the source of news headlines for decades.

GlowSand

Posted on 2022-06-27 by Isabelle Quinn

Tools used by threat actors aimed at Ukraine and neighboring countries are constantly changing. Since successful attacks in many cases depend on documents delivered as email attachments, we will look at some of the new techniques used by attackers that target Ukrainian government organizations. When these tools shattered like grains of sand, we named it GlowSand.

InQuest™ Labs Research Spotlight

Terry the Terraformer

A Python CLI tool for deploying red team infrastructure across multiple cloud providers, all integrated with a virtual Nebula network.

My Arsenal of AWS Security Tools

A collection of AWS security tools spanning blue, purple, and red team use cases.

Qu1cksc0pe

All-in-one malware analysis tool for analyzing Windows, Linux, and OSX binaries, document files, and APK files.

Global Security Events

Countering hack-for-hire groups

Google's Threat Analysis Group on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E.

Attacks on industrial control systems using ShadowPad

In mid-October 2021, Kaspersky ICS CERT researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan.

DragonForce Gang Unleashes Hacks Against Govt. of India

A hacktivist group called DragonForce Malaysia, with the assistance of several other threat groups, has begun indiscriminately scanning, defacing and launching denial-of-service attacks against numerous websites in India.

InQuest™ Insider - Your monthly resource for the latest in cyber security news, trends, tips and tools. Subscribe here.
Copyright © InQuest™ 2022