Cyberattacks using PLUGGYAPE malware target Ukraine’s defense with links to the Russian group Void Blizzard. The malicious campaigns employ social engineering and advanced backdoors to infiltrate systems and maintain persistence. #VoidBlizzard #PLUGGYAPE
Key points
- The Ukrainian CERT reports new cyberattacks using the PLUGGYAPE malware against defense forces.
- The attack chain involves social engineering, fake websites, and malicious executable files disguised as legitimate documents.
- Updated PLUGGYAPE variants use the MQTT protocol, anti-analysis checks, and obfuscation techniques to evade detection.
- The malware connects to command servers via WebSockets or MQTT, using JSON for data exchange and maintaining persistence on infected systems.
- Threat groups linked to Russia, such as Void Blizzard, have been implicated in cyberattacks and breaches involving Ukrainian security infrastructure.