APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Summary
The Russian state-sponsored hacking group APT28 has launched a new spear-phishing campaign targeting Ukraine and NATO allies. The campaign distributes a newly discovered malware suite called PRISMEX, which combines steganography, COM hijacking, and abuse of legitimate cloud services, the latter serving as its command and control (C2) infrastructure.
IFF Assessment
The deployment of sophisticated new malware by a known advanced persistent threat actor against a geopolitical adversary and its allies represents a significant threat to organizations in Ukraine, in NATO member states, and to entities that support them.
Defender Context
Defenders should be vigilant against spear-phishing attempts originating from or impersonating entities related to Ukraine or NATO. Because PRISMEX hides data with steganography and routes C2 through legitimate cloud services, its traffic looks like ordinary encrypted connections to reputable domains, so domain-reputation blocking and signature-based network detection alone are unlikely to catch it. Detection therefore leans on the host: COM hijacking in general leaves per-user CLSID registrations in the registry that shadow machine-wide ones, and cloud-service C2 shows up as cloud API use by processes that have no business reason for it. Baselining which processes on a host talk to which cloud services, and hunting for per-user COM registrations, gives defenders a starting point that does not depend on the network layer.
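As an added hunting aid, not code from the original report and not specific to PRISMEX, the following PowerShell script enumerates per-user COM registrations under HKCU\Software\Classes\CLSID and flags those that shadow a machine-wide registration in HKLM or whose server binary lives in a user-writable location. The path patterns treated as "user-writable" are an assumption chosen for illustration; tune them to your environment.

```powershell
# Added example: hunt for COM hijacking via per-user CLSID overrides.
# Generic check, not taken from the report and not specific to PRISMEX.
# Run in the context of the user whose HKCU hive you want to inspect.

$userClsidRoot    = 'HKCU:\Software\Classes\CLSID'
$machineClsidRoot = 'HKLM:\Software\Classes\CLSID'

if (-not (Test-Path $userClsidRoot)) {
    Write-Output 'No per-user CLSID registrations found.'
    return
}

# Assumed set of user-writable locations a legitimate COM server rarely lives in.
$userWritablePattern = '(?i)\\Users\\|\\AppData\\|\\ProgramData\\|\\Temp\\'

$findings = foreach ($clsidKey in Get-ChildItem -Path $userClsidRoot -ErrorAction SilentlyContinue) {
    $clsid = $clsidKey.PSChildName
    foreach ($serverKeyName in 'InprocServer32', 'LocalServer32') {
        $userServerPath = Join-Path $clsidKey.PSPath $serverKeyName
        if (-not (Test-Path $userServerPath)) { continue }

        # The (default) value holds the DLL or EXE that COM will load for this CLSID.
        $userServer = (Get-ItemProperty -Path $userServerPath -ErrorAction SilentlyContinue).'(default)'

        $machineServerPath = Join-Path $machineClsidRoot "$clsid\$serverKeyName"
        $machineServer = $null
        if (Test-Path $machineServerPath) {
            $machineServer = (Get-ItemProperty -Path $machineServerPath -ErrorAction SilentlyContinue).'(default)'
        }

        # HKCU\Software\Classes is consulted before HKLM, so a per-user server
        # that duplicates a machine-wide CLSID is the classic hijack pattern.
        $shadowsMachine   = $null -ne $machineServer
        $inUserWritable   = [bool]($userServer -match $userWritablePattern)

        if ($shadowsMachine -or $inUserWritable) {
            [pscustomobject]@{
                CLSID            = $clsid
                ServerType       = $serverKeyName
                UserServer       = $userServer
                MachineServer    = $machineServer
                ShadowsMachine   = $shadowsMachine
                UserWritablePath = $inUserWritable
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object ShadowsMachine -Descending | Format-Table -AutoSize
} else {
    Write-Output 'No suspicious per-user COM registrations found.'
}
```

Expect some benign hits from per-user software installs (browsers and collaboration clients commonly register COM servers under the user's AppData); the entries to chase first are those where ShadowsMachine is True, since a legitimate per-user install rarely needs to override a CLSID that the system already provides.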