Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign

Zscaler ThreatLabz uncovered a new multi-stage campaign linked to the Russia-associated APT group COLDRIVER, involving sophisticated malware delivery mechanisms. This cyber operation targets civil society members, such as journalists and human rights defenders, using socially engineered websites and PowerShell-based backdoors. #COLDRIVER #BAITSWITCH #SIMPLEFIX #ClickFix #cyberespionage

Key points

  • The campaign uses a fake resource website to trick victims into executing malicious commands.
  • BAITSWITCH is a downloader that establishes persistence and delivers the next-stage payload.
  • SIMPLEFIX is a PowerShell backdoor through which the operator remotely directs the malicious activity on the host.
  • The attack chain involves registry modifications, encrypted payload storage, and trace erasure techniques.
  • The campaign primarily targets civil society, including journalists, activists, and human rights advocates.

Read More: https://securityonline.info/russia-linked-coldriver-group-expands-toolset-using-new-malware-in-clickfix-espionage-campaign/