Sophisticated Malware Campaign Targets Czech Officials Using NATO-Themed Decoys
Aug. 28, 2024, 9:35 a.m.
Description
Seqrite Labs' APT-Team discovered a sophisticated malware campaign targeting government and military officials in the Czech Republic. The campaign used NATO-themed decoy documents to lure victims and a multi-stage attack chain: a malicious batch script, a Rust-based loader, and the Havoc post-exploitation framework. To evade detection and establish persistence on compromised systems it relied on ETW patching, process injection, and encrypted payloads. The threat actor behind the operation appears to have Russian origins and made extensive use of open-source offensive tools.
Tags
Date
- Created: Aug. 28, 2024, 9:27 a.m.
- Published: Aug. 28, 2024, 9:27 a.m.
- Modified: Aug. 28, 2024, 9:35 a.m.
Indicators
- fda71a7de6d473826465bb83210107501e66a5d96e533772444b3b24806286fd
- ed6775184051ef36c3049e24167471ab42bd4301e99631c8423d4d753cdad455
- b29ed89e0428ba476459adabb5630c8d29f7fee5905c5de10d792fe3a02e52a6
- ace33243994a9da0797601bdd4191e25967a1da2644f0d0b530e26c71854d5d9
- a05d053174b52a9b158a5ec841c1a7633b9368c4ac2da371a11a9364f8a8dc60
- 9549d3d2b8e8b4e8f163a8b9fa3b02b8a28d78e4b583baccb6210ef267559c6e
- 8820e0c249305ffa3d38e72a7f27c0e2195bc739d08f5d270884be6237eea500
- 6e0d12cd0252599fd1dec7aa460cae7a12a1b2e322b6664e64c773c23627d1b4
- 436994d4a5c8d54acb2b521d0847d77e6af6c2c0e40468248b1dd019c6dafa84
- 38da8d1576bdd0a03e649e8e6543594b35a423aa5b0a0c4081fc477c8e487e09
- 1dbcade04333b9dc81ba0746bc604d12489da49b9b65fcb5b1f61d139dc5949c
- 206.188.197.113
- https://206.188.197.113/
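As an added example (not code from Seqrite Labs or from this feed), the following Python script checks telemetry lines against the indicators listed above. It normalizes hash case (Sysmon-style logs emit SHA-256 values in uppercase) and undoes common defanging (hxxps, [.]) so indicators pasted into tickets still match. The log lines, host names and file names in SAMPLE_LOGS are constructed for the example.

```python
"""Match constructed telemetry lines against the feed's indicators (added example)."""
import re

# Indicators copied from the feed entry above: SHA-256 file hashes, one IPv4, one URL.
SHA256_IOCS = {
    "fda71a7de6d473826465bb83210107501e66a5d96e533772444b3b24806286fd",
    "ed6775184051ef36c3049e24167471ab42bd4301e99631c8423d4d753cdad455",
    "b29ed89e0428ba476459adabb5630c8d29f7fee5905c5de10d792fe3a02e52a6",
    "ace33243994a9da0797601bdd4191e25967a1da2644f0d0b530e26c71854d5d9",
    "a05d053174b52a9b158a5ec841c1a7633b9368c4ac2da371a11a9364f8a8dc60",
    "9549d3d2b8e8b4e8f163a8b9fa3b02b8a28d78e4b583baccb6210ef267559c6e",
    "8820e0c249305ffa3d38e72a7f27c0e2195bc739d08f5d270884be6237eea500",
    "6e0d12cd0252599fd1dec7aa460cae7a12a1b2e322b6664e64c773c23627d1b4",
    "436994d4a5c8d54acb2b521d0847d77e6af6c2c0e40468248b1dd019c6dafa84",
    "38da8d1576bdd0a03e649e8e6543594b35a423aa5b0a0c4081fc477c8e487e09",
    "1dbcade04333b9dc81ba0746bc604d12489da49b9b65fcb5b1f61d139dc5949c",
}
IPV4_IOCS = {"206.188.197.113"}
URL_IOCS = {"https://206.188.197.113/"}

_SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(text):
    """Undo common defanging so hxxps://206[.]188[.]197[.]113/ matches the real URL."""
    return (text.replace("hxxp://", "http://")
                .replace("hxxps://", "https://")
                .replace("[.]", ".")
                .replace("(.)", ".")
                .replace("[:]", ":"))


def match_line(line):
    """Return (ioc_type, ioc) pairs for every feed indicator found on one line."""
    text = refang(line)
    hits = []
    for h in _SHA256_RE.findall(text):
        h = h.lower()  # hashes are case-insensitive; normalize before the set lookup
        if h in SHA256_IOCS:
            hits.append(("sha256", h))
    for ip in _IPV4_RE.findall(text):
        if ip in IPV4_IOCS:
            hits.append(("ipv4", ip))
    for url in URL_IOCS:
        if url in text:  # exact URL, so the IP above will also fire on the same line
            hits.append(("url", url))
    return hits


def scan(lines):
    """Scan log lines; returns a list of (line_number, ioc_type, ioc) findings."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for ioc_type, ioc in match_line(line):
            findings.append((n, ioc_type, ioc))
    return findings


# Constructed sample telemetry (hosts, paths and timestamps are invented for the example).
SAMPLE_LOGS = [
    # Sysmon-style process creation with an uppercase SHA-256 of a feed sample
    "2024-08-27T10:02:11Z host=WS-04 event=ProcessCreate "
    "image=C:\\Users\\jan\\AppData\\Local\\Temp\\update.bat "
    "hashes=SHA256=FDA71A7DE6D473826465BB83210107501E66A5D96E533772444B3B24806286FD",
    # Proxy log with the listed URL
    "2024-08-27T10:02:15Z host=WS-04 proxy method=GET url=https://206.188.197.113/ status=200 bytes=48213",
    # Benign line: unrelated IP, should produce no finding
    "2024-08-27T10:03:00Z host=WS-04 dns query=update.microsoft.com answer=20.190.160.14",
    # Defanged analyst note pasted into a ticket
    "ticket#1138 note: user visited hxxps://206[.]188[.]197[.]113/ after opening NATO_agenda.pdf",
]

if __name__ == "__main__":
    for line_no, ioc_type, ioc in scan(SAMPLE_LOGS):
        print(f"line {line_no}: {ioc_type} {ioc}")
```

Hash matches identify only the exact samples Seqrite observed; a rebuilt loader or re-encrypted payload from the same actor will not match, so treat a hash hit as confirmation rather than as the primary detection. The IP and URL are point-in-time network indicators and should be re-validated before blocking.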