The EastWind campaign involved a series of sophisticated cyberattacks targeting Russian government and IT organizations. The attacks were orchestrated via phishing emails containing RAR archives that led to the installation of malware, including the PlugY and GrewApacha backdoors. Threat actors exercised control over the malware through Dropbox, allowing them to execute a range of commands and install additional Trojans. The malware was designed to be stealthy and used various techniques, such as DLL sideloading and encrypted payloads, to avoid detection while carrying out espionage activities. The ramifications of the attack included potential access to sensitive government and IT infrastructure, leading to a significant breach of security and the potential compromise of critical data.
Source: https://securityaffairs.com/166924/apt/eastwind-campaign-targets-russian-organizations.html
"id": "fin000081524",
"linkid": "finance-university-under-the-government-of-the-russian-federation",
"type": "Cyber Attack",
"date": "8/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"