Researchers at ESET, a global leader in the cybersecurity market, have discovered Hodur, a powerful piece of malware that exploits the war in Ukraine. Let’s find out more details together.
Hodur, the malware that exploits the war in Ukraine
ESET recently discovered a cyber espionage campaign – dating from August 2021 and still ongoing – which uses a previously undocumented Korplug variant originating from the Mustang Panda APT group.
The current campaign exploits the war in Ukraine and other European news topics. Known victims include research institutions, internet service providers (ISPs) and European diplomatic missions. ESET researchers named this new Korplug variant Hodur due to its similarity to the THOR variant documented in 2020.
The victims of this campaign are lured by phishing documents exploiting events such as Russia’s invasion of Ukraine. One of the names assigned to the files related to this campaign is “Situation at EU borders with Ukraine.exe”.
Other phishing campaigns in place mention updated COVID-19 travel restrictions, a map of local aid approved for Greece, and a regulation of the Parliament and of the European Council. In the latter case, the final bait is a real document available on the European Council website. This shows that the APT group responsible for this campaign follows the news and, most importantly, acts quickly.
At the moment ESET researchers are not yet able to identify the sectors to which all victims belong. However, this campaign appears to have the same targeting goals as other Mustang Panda campaigns. Following the typical victimology of the APT group, most of the targets are located in East and Southeast Asia. Some are also found in European and African countries.
ESET has stated that most of the targets are located in Mongolia and Vietnam, followed by Myanmar. They then reported a few cases in Greece, Cyprus, Russia, South Sudan and South Africa.
For further details and insights, you can consult the official site.