NOVA: blast from the past

Feb. 4, 2025, 5:14 p.m.

Description

A large-scale campaign targeting Russian organizations across various industries has been uncovered. The attackers are using NOVA stealer, a commercial fork of SnakeLogger, distributed via phishing emails disguised as contract archives. NOVA, marketed under the Malware-as-a-Service model, steals credentials, captures keystrokes, takes screenshots, and extracts clipboard data. The malware gains persistence through Windows Task Scheduler and can disable security features. It's distributed on underground forums with subscriptions starting at $50. The campaign highlights the ongoing threat of stealers and the potential for stolen data to be used in future targeted attacks.

Date

Published: Feb. 4, 2025, 4:46 p.m.

Created: Feb. 4, 2025, 4:46 p.m.

Modified: Feb. 4, 2025, 5:14 p.m.

Indicators

8004a9c84332b68b0a613a5de9dcf639e415feb14b3da926e164375f3c5a3609

Attack Patterns

SUPERNOVA

SnakeLogger

T1562.004

T1543.003

T1053.005

T1573.001

T1059.003

T1059.001

T1115

T1056.001

T1113

T1070.004

T1562.001

T1057

T1055

T1027

T1041

T1078

Additional Information

Russian Federation