Agriculture, administrative, and transportation organizations across the Ukrainian regions of Donetsk, Crimea, and Lugansk have been subjected to a sophisticated ongoing attack campaign with the novel CommonMagic framework and PowerMagic backdoor, reports BleepingComputer.
The campaign is delivered through spear-phishing emails carrying a decoy document that ultimately leads to the installation of PowerMagic, a PowerShell-based backdoor, according to a Kaspersky report.
Once PowerMagic has communicated with its command-and-control server, it deploys the CommonMagic framework, which consists of modules dedicated to particular tasks, including encrypting and decrypting traffic, stealing documents, and capturing screenshots.
CommonMagic activity is believed to have begun in September 2021, with threat actors further intensifying attacks ever since, according to Kaspersky Global Research and Analysis Team researcher Leonid Besverzhenko.
"The limited victimology and Russian-Ukrainian conflict-themed lures suggest that the attackers likely have a specific interest in the geopolitical situation in that region," said a Kaspersky spokesperson.