Sophisticated Malware Campaign Targets Czech Officials Using NATO-Themed Decoys
Essential information
- Published
- 28/08/2024 09:27
- Modified
- 28/08/2024 09:35
- Tags
- 2024-08-28 czech republic decoy evasion freeze havoc injection nato persistence rust
- Related entities
- 13 observables, 10 techniques (mitre), 2 malware
Description
Seqrite Labs APT-Team discovered a sophisticated malware campaign targeting government and military officials in the Czech Republic. The campaign leveraged NATO-themed decoy documents to lure victims and employed a multistage attack chain involving a malicious batch script, a Rust-based loader, and the Havoc post-exploitation framework. The campaign utilized advanced techniques like ETW patching, process injection, and encrypted payloads to evade detection and establish persistence on compromised systems. The threat actor behind the operation appears to have Russian origins and used open-source offensive tools extensively.