Summary: The UK’s National Cyber Security Centre (NCSC) has identified a sophisticated malware named DAMASCENED PEACOCK that targets the UK Ministry of Defence through staged downloader tactics. This malware exemplifies advanced cyber espionage techniques with its use of spear-phishing, code signing, and layered obfuscation, highlighting ongoing threats from state-aligned actors. The infection process involves multiple stages, making it challenging to detect and analyze.
Affected: UK Ministry of Defence (MOD)
Key points:
- Spear-phishing campaigns targeting the MOD utilized journalistic and financial themes.
- The malware executes in three stages: an initial dropper, a downloader, and a final payload that is loaded via COM hijacking.
- Defence evasion techniques include XOR-based string obfuscation and dynamic API resolution to avoid detection.
- DAMASCENED PEACOCK demonstrates adaptability by supporting both 32-bit and 64-bit payloads and using legitimate code signing certificates.
- Communication with command and control (C2) servers occurs over HTTP on port 8080, complicating detection efforts.
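The XOR-based string obfuscation listed above is the first thing an analyst has to undo before a sample's strings (user agents, hosts, URI paths) can be read and turned into detections. The Python below is an added example, not code from the NCSC report or the article: it brute-forces a single-byte XOR key over a NUL-separated string table by scoring each candidate decode for printable ASCII and English letter frequency. The key 0x5A, the three sample strings and the host name are constructed placeholders, not indicators from the report.

```python
"""
Recover single-byte XOR-obfuscated strings from a blob, the way an analyst
would when triaging a sample that hides its strings this way.
Every input below is constructed for this example; none comes from a sample.
"""
import string

PRINTABLE = set(string.printable.encode("ascii"))

# Rough English letter frequencies (percent); space is the most common byte in text.
FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "u": 2.8, " ": 13.0,
}


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def english_score(data: bytes) -> float:
    """Score how much a byte string looks like English/ASCII text."""
    score = 0.0
    for b in data:
        c = chr(b).lower()
        if c in FREQ:
            score += FREQ[c]
        elif b in PRINTABLE:
            score += 0.5
        else:
            score -= 30.0  # non-printable bytes are a strong sign of a wrong key
    return score


def decode_strings(blob: bytes, key: int) -> list[bytes]:
    """Decode with a known key and split the result on NUL terminators."""
    return [s for s in xor_bytes(blob, key).split(b"\x00") if s]


def recover_key(blob: bytes) -> tuple[int, list[bytes]]:
    """Try all 255 non-zero keys and return the best-scoring key and its strings."""
    best_key, best_strings, best_score = 0, [], float("-inf")
    for key in range(1, 256):
        strings = decode_strings(blob, key)
        score = sum(english_score(s) for s in strings)
        if score > best_score:
            best_key, best_strings, best_score = key, strings, score
    return best_key, best_strings


# Constructed sample: three NUL-terminated strings obfuscated with key 0x5A.
SAMPLE_KEY = 0x5A
SAMPLE_STRINGS = [
    b"Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
    b"c2.example.invalid",  # placeholder host, not an indicator from the report
    b"GET /update HTTP/1.1",
]
SAMPLE_BLOB = xor_bytes(b"\x00".join(SAMPLE_STRINGS) + b"\x00", SAMPLE_KEY)


if __name__ == "__main__":
    key, strings = recover_key(SAMPLE_BLOB)
    print(f"recovered key: 0x{key:02x}")
    for s in strings:
        print("  ", s.decode("ascii", errors="replace"))
```

Splitting on NUL before scoring matters: under the right key the terminators become separators, while under a wrong key they decode to a non-zero byte and the non-printable penalty pushes that candidate down. Recovered strings such as the user agent and URI path are what feed proxy and network detections, including the non-standard port 8080 HTTP traffic the report describes.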
Source: https://securityonline.info/damascened-peacock-ncsc-uncovers-sophisticated-malware-targeting-uk-mod/