CERT-UA warns of new surge of malware, OCEANMAP, MASPIE, and STEELHOOK

The Russia-linked APT28 group is using malware to harvest sensitive information, the Computer Emergency Response Team of Ukraine (CERT-UA) warns.

Malware such as OCEANMAP, MASEPIE, and STEELHOOK was used in a targeted attack against government entities between December 15th-25th, 2023.

OCEANMAP is a malicious program developed using C#, MASPIE is malicious software using the Python programming language, and STEELHOOK is a PowerShell script that provides the theft of browser data.

The agency discovered “serval cases of emails with links to “documents” that were discovered in government organizations that led to the damage of computers with malicious programs.”

Emails urging individuals to click a link to view the document redirected the individuals to web resources that contained malicious downloads.

This link misuses JavaScript and features of the application protocol "search" ("ms-search") to download a shortcut file which, if opened, leads to the launch of the PowerShell command, which activates MASEPIE malware.

This avenue also allows the deployment of a different class of malware, including a PowerShell script known as STEELHOOK, which can efficiently harvest data from web browsers.

This deadly combination of OCEANMAP, MASEPIE, and STEELHOOK allows threat actors to steal data from Chrome/Edge internet browsers.

The sophistication of the tactics and techniques used to exfiltrate sensitive data indicates that the threat actors may be the Russian-linked group APT28.

CERT-UA acknowledges that it’s “obvious that the malicious plan also involves taking measures to develop a cyber attack on the organization's entire information and communication system. Thus, the compromise of any computer can threaten the entire network.”

More from Cybernews:

Clash of Clans gamers at risk while using third-party app

Cybernews podcast unpacks 2023's AI odyssey

Microsoft disables App Installer after observing financially motivated threat actor activity

Google accounts may be vulnerable to new hack, changing password won’t help

Top ten biggest security incidents of 2023

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked