Back

The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers 'Voldemort'

Sept. 2, 2024, 8:50 p.m.

Tags

apt
espionage
cobalt strike
2024-09-02
tax authorities
voldemort

External References

https://www.proofpoint.com/

https://otx.alienvault.com/

Description

Proofpoint researchers uncovered an unusual campaign delivering custom malware named "Voldemort". The activity impersonated tax authorities from various countries and targeted dozens of organizations worldwide. The attack chain combines popular and uncommon techniques, including using Google Sheets for command and control. The malware has capabilities for information gathering and delivering additional payloads. While the campaign exhibits some characteristics of cybercriminal activity, the nature and capabilities of the malware suggest an espionage objective. The threat actor utilized multiple techniques becoming more popular in the cybercrime landscape, making attribution challenging. The campaign's unusual combination of sophisticated and basic elements makes it difficult to assess the threat actor's capabilities and ultimate goals.

Date

Published Created Modified
Sept. 2, 2024, 8:33 p.m. Sept. 2, 2024, 8:33 p.m. Sept. 2, 2024, 8:50 p.m.

Indicators

6bdd51dfa47d1a960459019a960950d3415f0f276a740017301735b858019728

fa383eac2bf9ad3ef889e6118a28aa57a8a8e6b5224ecdf78dcffc5225ee4e1f

561e15a46f474255fda693afd644c8674912df495bada726dbe7565eae2284fb

3fce52d29d40daf60e582b8054e5a6227a55370bed83c662a8ff2857b55f4cea

0b3235db7e8154dd1b23c3bed96b6126d73d24769af634825d400d3d4fe8ddb9

83.147.243.18

https://resource.infinityfreeapp.com/0023012-317.html

https://resource.infinityfreeapp.com/ABC_of_Tax.html

https://pubs.infinityfreeapp.com/Steuerratgeber.html

https://pubs.infinityfreeapp.com/SA150_Notes_2024.html

https://pubs.infinityfreeapp.com/Notice_pour_remplir_la_N%C2%B0_2044.html

https://pubs.infinityfreeapp.com/La_dichiarazione_precompilata_2024.html

https://pubs.infinityfreeapp.com/IRS_P966.html

https://od.lk/s/OTRfODQ5MzQ5Mzlf/ABC_of_Tax.pdf

https://od.lk/s/OTRfODQ4ODE4OThf/logo.png

https://od.lk/s/OTRfODQ1NzA0Mjlf/einzelfragen_steuerbescheinigungen_de.pdf

https://od.lk/s/OTRfODQ1Njk2ODVf/2044_4765.pdf

https://od.lk/s/OTRfODM5Mzc3NjFf/irs-p966.pdf

https://od.lk/s/OTRfODQ1NDc2MjZf/SA150_Notes_2024.pdf

https://od.lk/s/OTRfODM3MjM2NzVf/La_dichiarazione_precompilata_2024.pdf

https://od.lk/s/OTRfNzQ5NjQwOTJf/test.png

no_reply_irs.gov@amecaindustrial.com

Attack Patterns

Voldemort

Cobalt Strike - S0154

T1568

T1569.002

T1102.002

T1059.006

T1059.001

T1547.001

T1573

T1016

T1518

T1082

T1057

T1105

T1083

T1055

T1204

T1140

T1033

T1027

T1566

Additional Informations

Aerospace

Insurance

Transportation

Education

Virgin Islands, U.S.

British Indian Ocean Territory

India

Italy

Japan

France

Germany