NOVA: blast from the past
Feb. 4, 2025, 5:14 p.m.
Description
A large-scale campaign targeting Russian organizations across various industries has been uncovered. The attackers are using NOVA stealer, a commercial fork of SnakeLogger, distributed via phishing emails disguised as contract archives. NOVA, marketed under the Malware-as-a-Service model, steals credentials, captures keystrokes, takes screenshots, and extracts clipboard data. The malware gains persistence through Windows Task Scheduler and can disable security features. It's distributed on underground forums with subscriptions starting at $50. The campaign highlights the ongoing threat of stealers and the potential for stolen data to be used in future targeted attacks.
Date
Published: Feb. 4, 2025, 4:46 p.m.
Created: Feb. 4, 2025, 4:46 p.m.
Modified: Feb. 4, 2025, 5:14 p.m.
Indicators
8004a9c84332b68b0a613a5de9dcf639e415feb14b3da926e164375f3c5a3609
Attack Patterns
SUPERNOVA
SnakeLogger
T1562.004
T1543.003
T1053.005
T1573.001
T1059.003
T1059.001
T1115
T1056.001
T1113
T1070.004
T1562.001
T1057
T1055
T1027
T1041
T1078
Additional Information
Russian Federation