Midnight Blizzard, a group of hackers Russians attack diplomats. These professionals were passed through “an important European Foreign Ministry” and They were going to the victims with emails phising that invited diplomats to a fake wines.
According to the media these emails contained a malicious link that led, in some cases, to discharge of a file, which finally led to the implementation of Grapeloader. ”
In this way, “basic information about the host infected, as your name and username. These data are then sent to the command and control server (C2), where it expects the Shellcode From the next stage, “says the publication.
In this sense, the grepeloader “It is mainly used to take the fingerprints of the infected environment, establish persistence and recover the payload of the next stage.”
According to the reports to which the medium has had access, in this particular attack, the group used password spray techniques to compromise an inherited account. Following the incident, Microsoft revealed that The group was able to access a “very small percentage” of corporate email accounts.
Stay up to date with the HuffPost! Follow all the news from your mobile in our. You can download it for both.
