SPICA Backdoor Linked to Russian Hacker Collective


The Threat Analysis Group (TAG) at Google revealed that the Russian hacking group COLDRIVER is engaged in credential phishing activities targeting prominent NGOs, former intelligence and military personnel, as well as NATO governments.

TAG has been actively monitoring and reporting on COLDRIVER's espionage efforts aligned with Russian government interests. In an effort to enhance the community's awareness of COLDRIVER's activities, Wesley Shields of TAG highlighted their extended capabilities, which now include the deployment of malware.

COLDRIVER conducts campaigns against Ukraine, NATO nations, academic institutions, and NGOs. The group often adopts the guise of experts or individuals associated with the target to gain the trust of their victims.

TAG has observed COLDRIVER sending seemingly harmless PDF documents from impersonation accounts, presenting them as op-eds or articles on which the sender wants feedback before publication. When the target opens the PDF, its text appears to be encrypted.

If the target replies that the document cannot be read, the impersonation account responds with a link to what it claims is a "decryption" utility. That utility is in fact a backdoor known as SPICA, which gives the attackers access to the victim's machine.

What Exactly is the SPICA Backdoor?

SPICA is a custom backdoor written in Rust that uses WebSocket connections for command and control (C2) of infected devices. Through that channel the operators can run arbitrary shell commands, steal cookies from Chrome, Firefox, Opera, and Edge, upload and download files, list the filesystem, and exfiltrate documents.
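The lure chain described above (a "decryption utility" download followed by a WebSocket C2 channel from the same host) is the kind of sequence a web proxy log can surface. The following is an added example, not code from Google TAG or from this article: a Python correlation over constructed sample proxy lines in a hypothetical log format. The hostnames, the WebSocket allowlist, the filename keywords and the 30-minute window are assumptions for illustration, not indicators from the TAG report.

```python
"""Correlate a lure executable download with a following WebSocket upgrade.

Added example; the log format, hosts and thresholds are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample proxy lines (hypothetical format, invented hosts):
# timestamp client method url status content-type upgrade-header
SAMPLE_LOG = """\
2024-01-19T10:02:11Z 10.0.0.5 GET https://docs.example.org/oped-draft.pdf 200 application/pdf -
2024-01-19T10:05:40Z 10.0.0.5 GET https://files.invalid/decrypt_tool.exe 200 application/octet-stream -
2024-01-19T10:06:02Z 10.0.0.5 GET https://c2.invalid/ws 101 - websocket
2024-01-19T10:07:15Z 10.0.0.5 GET https://c2.invalid/ws 101 - websocket
2024-01-19T11:00:00Z 10.0.0.9 GET https://collab.example.com/socket 101 - websocket
2024-01-19T11:30:00Z 10.0.0.7 GET https://cdn.example.net/app.exe 200 application/octet-stream -
"""

ALLOWED_WS_HOSTS = {"collab.example.com"}  # assumption: sanctioned WebSocket endpoints
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload"}
LURE_WORDS = re.compile(r"decrypt|decod|reader|viewer", re.I)  # assumed lure naming
WINDOW = timedelta(minutes=30)  # assumed: C2 check-in shortly after the download

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<ctype>\S+) (?P<upgrade>\S+)$"
)


@dataclass
class Event:
    ts: datetime
    client: str
    host: str
    path: str
    status: int
    ctype: str
    upgrade: str


def parse_line(line: str):
    """Parse one proxy line into an Event, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = re.match(r"https?://([^/]+)(/.*)?", m["url"])
    if not url:
        return None
    return Event(
        ts=datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        client=m["client"],
        host=url.group(1).lower(),
        path=url.group(2) or "/",
        status=int(m["status"]),
        ctype=m["ctype"].lower(),
        upgrade=m["upgrade"].lower(),
    )


def parse_log(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def is_lure_download(e: Event) -> bool:
    """Executable payload whose filename sells itself as a decoder/viewer."""
    return e.status == 200 and e.ctype in EXEC_TYPES and bool(LURE_WORDS.search(e.path))


def is_ws_upgrade(e: Event) -> bool:
    """HTTP 101 or an explicit Upgrade: websocket header."""
    return e.status == 101 or e.upgrade == "websocket"


def correlate(text: str):
    """One alert per client that fetched a lure executable and then opened a
    WebSocket to a non-allowlisted host within WINDOW of that download."""
    by_client = defaultdict(list)
    for e in parse_log(text):
        by_client[e.client].append(e)
    alerts = []
    for client, events in by_client.items():
        events.sort(key=lambda e: e.ts)
        for dl in filter(is_lure_download, events):
            c2 = [e for e in events
                  if is_ws_upgrade(e) and e.host not in ALLOWED_WS_HOSTS
                  and dl.ts <= e.ts <= dl.ts + WINDOW]
            if c2:
                alerts.append({
                    "client": client,
                    "download": dl.host + dl.path,
                    "c2_host": c2[0].host,
                    "ws_connections": len(c2),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the sample above only 10.0.0.5 is flagged: the sanctioned WebSocket host used by 10.0.0.9 is allowlisted, and the executable fetched by 10.0.0.7 has no lure-style name and no WebSocket follow-up. In a real deployment the allowlist and keyword list would be tuned to the environment; the point is the sequence, since a single WebSocket upgrade on its own is far too common to alert on.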

Google uses TAG's findings to improve the safety and security of its products. The identified websites, domains, and files are added to Google Safe Browsing so that users are warned before visiting or downloading them. TAG also notifies targeted Gmail and Workspace users that they were attacked and encourages them to turn on Enhanced Safe Browsing for added protection.

January 19, 2024