The group behind the Vidar infostealer is intensifying its operations in Italy, spreading the malware mainly through PEC (Posta Elettronica Certificata, Italian certified e-mail) mailboxes. The latest campaign introduces C2 channels hosted on Steam and Telegram profiles; CERT-AGID has now countered three Vidar campaigns and shared the IoCs with PEC providers. #Vidar #PEC #CERT-AGID #Steam #Telegram
Keypoints
- The Vidar operators are expanding their activity in Italy.
- PEC mailboxes are the primary delivery channel.
- This is the third Vidar campaign observed by CERT-AGID.
- New tactic: Steam and Telegram profiles are used for command and control.
- IoCs have been shared with PEC providers and published via the CERT-AGID IoC Feed.
- Users should treat PEC messages with caution, especially links in unexpected communications.
MITRE Techniques
- [T1566] Phishing - Using PEC mailboxes to deliver malware. Quote: "Utilizing PEC mailboxes to deliver malware."
- [T1071] Application Layer Protocol - Using Steam and Telegram for C2 communications (C2 addresses hosted on web-service profile pages also map to T1102.001, Web Service: Dead Drop Resolver). Quote: "Using Steam and Telegram for C2 communications."
- [T1566.002] Phishing: Spearphishing Link - Distributing malware through malicious links in emails. Quote: "Distributing malware through malicious links in emails."
Indicators of Compromise
- [URL] IoCs - vidar_pec_26-09-2024.json (campaign IoC file) and the CERT-AGID IoC Feed page for broader dissemination. Context: IoCs for the campaign are published through CERT-AGID's official feeds.
- [Email] [email protected] - Context: CERT-AGID contact for forwarding suspicious PEC emails (address obfuscated in the source).
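As an added example (not CERT-AGID code, and not the real feed), the following Python sketch shows how a defender might consume an IoC list such as the one published for this campaign and match it against proxy logs, plus a hunting heuristic for Steam/Telegram profile fetches of the kind Vidar uses to resolve its C2 address. The feed layout (a JSON list of type/value objects), the log format, and every IoC value and log line below are assumptions constructed for the example; the actual layout of vidar_pec_26-09-2024.json is not shown on this page.

```python
"""Match a CERT-AGID-style IoC list against proxy log lines and flag
Steam/Telegram profile fetches that look like Vidar C2 resolution.

Added example, not CERT-AGID code. The feed layout, the log format,
the IoC values and the log lines are constructed assumptions.
"""
import json
import re
from urllib.parse import urlsplit

# Constructed IoC feed in an assumed layout (not the real vidar_pec_26-09-2024.json).
FEED_JSON = json.dumps([
    {"type": "url", "value": "http://example-dropper.invalid/Fattura.exe"},
    {"type": "domain", "value": "c2-example.invalid"},
    {"type": "ip", "value": "203.0.113.10"},
])

# Constructed squid-like access log lines: "<ts> <client> <method> <url> "<user-agent>""
LOG_LINES = [
    '1727340000 10.0.0.5 GET http://example-dropper.invalid/Fattura.exe "Mozilla/5.0 Firefox"',
    '1727340010 10.0.0.5 GET https://steamcommunity.com/profiles/76561199000000000 "Mozilla/5.0 (Windows NT 10.0) Firefox"',
    '1727340011 10.0.0.5 GET https://steamcommunity.com/profiles/76561199000000001 "-"',
    '1727340012 10.0.0.5 GET https://t.me/examplechannel "-"',
    '1727340020 10.0.0.5 POST http://203.0.113.10/ "-"',
    '1727340030 10.0.0.7 GET https://store.steampowered.com/ "Valve Steam Client"',
    '1727340040 10.0.0.9 GET https://api.c2-example.invalid/upload "-"',
]

LOG_RE = re.compile(
    r'^(?P<ts>\d+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$'
)
# Profile pages that have been used as dead-drop resolvers: the real C2
# address is read from text on the page rather than contacted directly.
PROFILE_PATTERNS = [
    re.compile(r"^https?://steamcommunity\.com/(profiles|id)/[^/?#]+/?$"),
    re.compile(r"^https?://t\.me/[^/?#]+/?$"),
]
BROWSER_UA = re.compile(r"^Mozilla/")


def load_feed(text):
    """Parse the assumed feed layout into lower-cased lookup sets by IoC type."""
    feed = {"url": set(), "domain": set(), "ip": set()}
    for item in json.loads(text):
        kind = str(item.get("type", "")).lower()
        if kind in feed:
            feed[kind].add(str(item["value"]).strip().lower())
    return feed


def parse_line(line):
    """Split one log line into fields; returns None for lines that do not fit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = (urlsplit(rec["url"]).hostname or "").lower()
    return rec


def ioc_hits(rec, feed):
    """Exact URL match, exact IP match, and domain match including subdomains."""
    reasons = []
    if rec["url"].lower() in feed["url"]:
        reasons.append("ioc:url")
    if rec["host"] in feed["ip"]:
        reasons.append("ioc:ip")
    if any(rec["host"] == d or rec["host"].endswith("." + d) for d in feed["domain"]):
        reasons.append("ioc:domain")
    return reasons


def dead_drop_hint(rec):
    """A profile-page fetch with an empty or non-browser User-Agent is a
    hunting signal for C2 resolution, not proof on its own: legitimate
    browser visits to the same pages are excluded by the UA check."""
    if any(p.match(rec["url"]) for p in PROFILE_PATTERNS) and not BROWSER_UA.match(rec["ua"]):
        return ["hunt:profile-fetch-nonbrowser-ua"]
    return []


def scan(lines, feed):
    """Return (ts, client, url, reasons) for every line that matches an IoC
    or the dead-drop heuristic, in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = ioc_hits(rec, feed) + dead_drop_hint(rec)
        if reasons:
            findings.append((rec["ts"], rec["client"], rec["url"], reasons))
    return findings


if __name__ == "__main__":
    for finding in scan(LOG_LINES, load_feed(FEED_JSON)):
        print(*finding)
```

The IoC match is the high-confidence path; the profile-fetch heuristic only narrows a hunt, since an infected host may also send a browser-like User-Agent. In practice the feed entries would be refreshed from the CERT-AGID IoC Feed and the log parser adapted to the proxy actually in use.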
Read more: https://cert-agid.gov.it/news/nuova-campagna-vidar-via-pec-c2-su-profili-steam-e-telegram/