Targeted attacks leverage accounts on popular online platforms as C2 servers

Description

A sophisticated cyberattack campaign targeted the Russian IT industry and other entities globally in late 2024. The attackers used social media profiles and popular websites to deliver payload information, bypassing detection methods. They employed spear phishing emails with malicious RAR archives, exploiting DLL hijacking techniques to deploy Cobalt Strike Beacon. The campaign used profiles on GitHub, Microsoft Learn Challenge, Quora, and Russian social networks to conceal activities. The attacks primarily focused on Russian companies but also affected organizations in China, Japan, Malaysia, and Peru. The complexity of the methods used highlights the evolving tactics of threat actors in concealing well-known tools and emphasizes the need for robust cybersecurity measures.