Russian-speaking threat actors from the Commonwealth of Independent States (CIS) recently conducted a cyber campaign using legitimate internet services to distribute malware variants [2], targeting a range of operating systems and computer architectures [1].

Description

The threat actors utilized services like GitHub and FileZilla to distribute malware variants such as Atomic macOS Stealer (AMOS) and Vidar. They conducted a credential harvesting campaign, infecting both Intel-based and ARM-based Macs [1]. Recorded Future highlighted how adaptable these threat actors are, and how concerning it is that they leverage trusted services to run attacks that steal personal information.

Conclusion

This cyber campaign underscores the importance of cybersecurity measures that protect personal information. Organizations and individuals should remain vigilant and implement strong security controls to reduce the risk of falling victim to such attacks. The abuse of legitimate internet services for malicious purposes poses a significant threat, because traffic to trusted platforms is rarely blocked and easily blends in with normal activity; this highlights the need for continued efforts to combat cyber threats and protect sensitive data.

References

[1] https://www.infosecurity-magazine.com/news/russian-legitimate-services/
[2] https://allinfosecnews.com/item/gitcaught-threat-actor-leverages-github-repository-for-malicious-infrastructure-2024-05-14/