A cyberespionage group named Goffee has launched a new campaign targeting Russian military and defense organizations, using malicious Excel files to deliver a backdoor called EchoGather. The group, believed to be pro-Ukrainian, is actively developing new methods to evade detection, though their operations still show signs of evolving tradecraft. #Goffee #EchoGather
Key points
- The campaign involved malicious Excel files uploaded to VirusTotal and targeted Russian military personnel.
- The backdoor EchoGather allows attackers to collect system info, execute commands, and transfer files.
- Goffee relies on Russian-language phishing lures, including fake invitations and defense contract documents.
- The group has demonstrated evolving tactics and methods to avoid detection, with some signs of artificial language errors.
- Previous operations include USB data theft and the exploitation of vulnerabilities, including zero-days and known flaws, in Russian systems.
Read More: https://therecord.media/cyber-spies-fake-new-year-concert-russian-phishing