Malware campaign targets eastern European air-gapped systems
Based on information dated August 3, 2023, an ongoing multi-stage malware campaign is currently directed at industrial organizations situated in Eastern Europe. The primary objective of this campaign is to pilfer valuable intellectual property, including data sourced from air-gapped systems.
Researchers from Kaspersky have successfully identified a pair of implants that are employed to extract data from compromised systems. These implants have been attributed to the APT31 group, which is associated with activities aligned with Beijing.
One of the two identified implants, as highlighted by Kaspersky, identifies removable drives and proceeds to infect them with a worm. The other implant specializes in extracting data from a local computer, subsequently transmitting it to Dropbox by leveraging next-stage implants.
As per the insights provided by Kaspersky's researchers, in this recent instance of malware that specifically targets air-gapped systems, they have successfully identified more than 15 implants and their various iterations, all of which are utilized by the group in different combinations.
Although the initial attack vector has not been disclosed by the researchers, they have indicated that their most recent investigative efforts have been centered around the second-stage malware that is employed to accumulate data from the compromised systems.
Read more about it : here