Cisco‘s Talos threat intelligence team has discovered a malicious campaign by a suspected Russian hacking group that targeted prospective attendees of a cyber conflict and security conference to be held in the U.S. from Nov. 7 to 8.Researchers from Cisco Talos said in a blog post published Sunday that the hacking group known as Group 74 has sent emails containing a decoy of a Cyber Conflict U.S. conference document loaded with a malicious Visual Basic for Applications macro script.
The report noted that the VBA implements a variant of the Seduploader reconnaissance malware that the hackers have been utilizing for years but instead executed as a standalone with persistence mechanisms and no exploits in what the researchers say could be an effort to ensure viability for future attacks and avoid patch fixes.
Modifications on the malware’s public information to hinder detection based on public indicators of compromise include changes to the obfuscation key and MUTEX name since the security report’s publication, the researchers added.
Capabilities of the Seduploader variant include screenshot capture using graphics device interface application programming interface, data/configuration exfiltration, code execution and file downloading.
The NATO Cooperative Cyber Defense Center of Excellence, which organizes CyCon U.S. with the U.S. Military Academy’s Army Cyber Institute and NATO Cooperative Cyber Military Academy has since released a statement regarding the incident.
