New Malware campaign spreading through Phishing Attacks


Cybersecurity firm Mandiant has observed a new malware campaign that began on December 2nd, 2020 and has targeted over 50 organizations so far. Researchers attribute the campaign to a hacking group tracked as UNC2529, which might be connected to the state-funded intelligence service of an Asian country.

The first wave began in December last year, when the hackers sent phishing emails laced with malicious links to over 247 organizations in the US and APAC nations; 74 of them fell victim to the attackers.

So far, UNC2529 has been found targeting US organizations in the finance, education, health, retail, transportation, and utilities industries, and spreading three malware variants dubbed Doubledrag, Doubledrop, and Doubleback.

In detail, Doubledrag is an obfuscated JavaScript downloader; Doubledrop is a memory-only dropper containing PowerShell scripts, which in turn launch a backdoor named Doubleback.
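As an added illustration of the three-stage chain described above (not part of the original article or of Mandiant's reporting), the following Python triage sketch flags process-creation events that fit a JavaScript downloader handing off to an in-memory PowerShell stage. It assumes the downloader runs under a Windows script host (wscript.exe or cscript.exe) and that events are available as parent/child image paths plus a command line; the sample events are constructed.

```python
import ntpath
import re

# Constructed process-creation records (parent image, child image, command line).
# They are invented for this example and are not telemetry from the campaign above.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\invoice.js"'},
    {"parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc QQBCAEMA"},  # placeholder blob
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumed hosts for the JS stage
USER_PROFILE_JS = re.compile(r"(?i)\\Users\\[^\\]+\\.*\.js\b")
EVASION_FLAGS = re.compile(r"(?i)\s-(?:e|ec|enc|encodedcommand|nop|noprofile|w|windowstyle)\b")

def classify(event):
    """Return the list of rule names an event trips (empty when nothing matched)."""
    parent = ntpath.basename(event["parent"]).lower()
    image = ntpath.basename(event["image"]).lower()
    cmdline = event["cmdline"]
    hits = []
    # Stage 1: a script host running a .js file out of a user profile directory,
    # the shape of a mail-delivered JavaScript downloader (assumption, see lead-in).
    if image in SCRIPT_HOSTS and USER_PROFILE_JS.search(cmdline):
        hits.append("script_host_user_js")
    # Stage 2: PowerShell spawned directly by a script host, i.e. the JavaScript
    # stage handing off to an in-memory PowerShell stage.
    if image == "powershell.exe" and parent in SCRIPT_HOSTS:
        hits.append("script_host_spawned_powershell")
    # Encoded/hidden-window switches that routine admin scripts rarely need;
    # a weaker signal on its own, so it is reported as a separate rule.
    if image == "powershell.exe" and EVASION_FLAGS.search(cmdline):
        hits.append("powershell_evasion_flags")
    return hits

def triage(events):
    """Map event index -> tripped rules, keeping only events that tripped a rule."""
    results = {}
    for i, event in enumerate(events):
        hits = classify(event)
        if hits:
            results[i] = hits
    return results

if __name__ == "__main__":
    for idx, rules in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["cmdline"][:60], "->", ", ".join(rules))
```

The third sample event (an interactive PowerShell script run from Explorer) trips no rule, which is the benign baseline the parent-process and flag checks are meant to separate from the script-host chain.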

FireEye's Mandiant says that employee education will help companies avoid falling prey to such malware campaigns, which target only Windows machines. Patching operating systems and using anti-malware solutions will also help companies avoid such cyber attacks.

As of now, the Mandiant researchers do not know the real motives of the hackers and are still searching for solid evidence of their link to a state-funded intelligence group.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security