New Sandworm Attacks Use Trojanized MSFT Activators

Russian state-sponsored threat group Sandworm has been deploying attacks involving malicious Microsoft Key Management Service (KMS) activators and bogus Windows updates against Ukrainian Windows users since late 2023, BleepingComputer reports.

Sandworm, also known as APT44, Seashell Blizzard, and UAC-0113, launched numerous malware intrusions as part of the campaign.

The most recent attack involved the distribution of a fake KMS activation tool containing the BACKORDER malware loader, which disabled Windows Defender and then delivered DarkCrystal RAT (DcRAT), according to an EclecticIQ analysis. DcRAT enabled the exfiltration of targeted devices' saved credentials, browser cookies and histories, keystrokes, FTP credentials, and system details.

"Many users, including businesses and critical entities, have turned to pirated software from untrusted sources, giving adversaries like Sandworm (APT44) a prime opportunity to embed malware in widely used programs. This tactic enables large-scale espionage, data theft, and network compromise, directly threatening Ukraine's national security, critical infrastructure, and private sector resilience," said EclecticIQ.