Blog

Aug 12, 2024

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

Posted by in categories: cybercrime/malcode, government

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind.

The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut (LNK) file that, upon opening, activates the infection sequence, culminating in the deployment of malware such as GrewApacha, an updated version of the CloudSorcerer backdoor, and a previously undocumented implant dubbed PlugY.

PlugY is “downloaded through the CloudSorcerer backdoor, has an extensive set of commands and supports three different protocols for communicating with the command-and-control server,” Russian cybersecurity company Kaspersky said.

Leave a reply