Aggah APT could have ties with the Red Deer malware operation

June 17, 2023
The new malware operation, Red Deer, uses phishing emails that target users in Israel. Based on reports, the new campaign has strong ties with the advanced persistent threat group called Aggah APT and has been active since last year. However, the researchers noticed small shifts in the group’s TTPs.

The Red Deer name comes from the logo of an Israeli postal company.

The newly discovered Red Deer malware operation begins its attacks with phishing emails that impersonate the Israeli postal company and carry a similar red deer logo.

Moreover, the threat operators use social engineering to pressure recipients into opening the attachment: the email urges them to choose a delivery method for a fake package mentioned in the message.

The attachment is an HTML file that opens in the recipient's browser as soon as they click it. Once opened, it automatically downloads an ISO file onto the victim's machine.

The final stage of the attack deploys 3losh RAT, a modified version of AsyncRAT. Experts said they had spotted similar incidents earlier, with slight variations in the execution flow.

In an attack in October last year, the threat actors replaced the ZIP archive with an ISO file. The archive contained a .wsf script that downloads the malware, instead of the obfuscated VBS file seen previously. In addition, the attackers hosted SSL certificates across several domains and IPs, which let them keep a single operating server while generating multiple hosts.
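The HTML attachment described above opens in the browser and, on its own, drops an ISO onto the machine. A mail gateway can flag that pattern before delivery. The scanner below is an added example written for this article, not code from the researchers or from the campaign; the indicator names, weights and threshold are assumptions, and the sample attachments are constructed.

```python
from __future__ import annotations
import re

# Heuristics for an HTML attachment that builds a file client-side and pushes
# the browser into saving it as an ISO. Weights and threshold are assumptions.
INDICATORS = {
    "iso_download_name": (re.compile(r'download\s*=\s*["\']?[^"\'>\s]+\.iso', re.I), 3),
    "blob_construction": (re.compile(r'new\s+Blob\s*\(', re.I), 2),
    "object_url_or_mssave": (re.compile(r'createObjectURL\s*\(|msSaveOrOpenBlob\s*\(', re.I), 2),
    "base64_decode": (re.compile(r'\batob\s*\(', re.I), 1),
    "large_base64_literal": (re.compile(r'["\'][A-Za-z0-9+/]{200,}={0,2}["\']'), 2),
    "auto_click": (re.compile(r'\.click\s*\(\s*\)', re.I), 1),
}
THRESHOLD = 5  # a bare link to an .iso (3 points) stays below this on purpose


def scan_html_attachment(html: str) -> tuple[int, list[str]]:
    """Return (score, matched indicator names) for one HTML attachment body."""
    score, hits = 0, []
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(html):
            score += weight
            hits.append(name)
    return score, hits


def is_suspicious(html: str) -> bool:
    return scan_html_attachment(html)[0] >= THRESHOLD


# Constructed samples (not real attachments from the campaign).
BENIGN = '<html><body><h1>Your parcel</h1><a href="https://example.invalid/track">Track</a></body></html>'
# A plain mirror page linking to an ISO: one indicator, below threshold.
ISO_LINK_ONLY = '<a href="https://mirror.example.invalid/distro.iso" download="distro.iso">Get ISO</a>'
# Skeleton of the attachment pattern: decode, build a Blob, name it .iso, auto-click.
SUSPICIOUS = (
    '<html><body><script>'
    'var payload = atob("' + "A" * 240 + '");'
    'var blob = new Blob([payload]);'
    'var a = document.createElement("a");'
    'a.href = URL.createObjectURL(blob);'
    'a.download = "package.iso";'
    'a.click();'
    '</script></body></html>'
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("iso_link", ISO_LINK_ONLY), ("suspicious", SUSPICIOUS)):
        print(label, scan_html_attachment(body), "FLAG" if is_suspicious(body) else "ok")
```

Tune the weights against your own mail flow: a distro mirror notification legitimately links to an ISO, which is why a single indicator does not trip the threshold.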

Israel has been the subject of different cybercriminal operations recently. Recent research spotted a phishing operation from the threat group called UAC-0063. The attack targeted multiple countries, such as Israel, Kyrgyzstan, Kazakhstan, India, and Mongolia.

As of now, numerous Israel-based organisations have fallen victim to the new Red Deer cybercriminal operation. It is therefore essential for organisations to train their employees continually to recognise phishing attacks, as new operations grow more sophisticated. Lastly, security teams should review the published IOCs and analyse them to build effective mitigation protocols.
