A new malware campaign dubbed “Voldemort” is targeting organizations worldwide while impersonating tax authorities in Europe, Asia and the US. According to a report from Proofpoint, the campaign has affected numerous organizations, with more than 20,000 phishing messages observed since it began on Aug. 5.
The custom backdoor, written in C, is built for data exfiltration and for deploying additional malicious payloads. Two unusual tactics stand out. First, the backdoor uses Google Sheets for command and control (C2), so its C2 traffic goes to a legitimate Google service rather than to attacker infrastructure. Second, the delivery chain abuses the Windows search protocol (search-ms: URIs) so that attacker-hosted files appear to the victim as ordinary Explorer search results. Once the victim opens the downloaded file, a legitimate WebEx executable is used to side-load the malicious DLL, which then establishes communication with the C2 server.
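The three pieces of tradecraft above each leave a detectable trace: a search-ms: URI whose crumb points at a remote share, Google Sheets API traffic from a process that is not a browser, and a signed executable loading an unsigned DLL from a user-writable directory. The following detection logic is an added example written for this page; it is not Proofpoint's tooling and contains no malware code. The event records at the bottom are constructed, and every host name, path and process name in them (including the WebEx placeholder "WebExHost.exe") is an assumption made for illustration, not an indicator from the report.

```python
"""Detection logic for the Voldemort tradecraft described above (added example).

Constructed sample events only; process names, hosts and paths are placeholders.
"""
import re
from typing import Dict, List
from urllib.parse import unquote

# --- Rule 1: Windows search protocol lures -----------------------------------
# A search-ms: URI whose crumb points at a UNC path (\\host\share) makes Explorer
# render files from an attacker-controlled share as if they were local results.
SEARCH_MS_RE = re.compile(r"search-ms:[^\s\"'<>]+", re.IGNORECASE)
REMOTE_CRUMB_RE = re.compile(r"crumb=location:\\\\", re.IGNORECASE)  # literal "\\"


def find_search_ms_lures(text: str) -> List[str]:
    """Return every search-ms: URI in *text* whose location crumb is a UNC share."""
    return [u for u in SEARCH_MS_RE.findall(text) if REMOTE_CRUMB_RE.search(unquote(u))]


# --- Rule 2: Google Sheets as C2 ---------------------------------------------
# The destination is legitimate, so the anomaly is *which process* talks to it.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
SHEETS_HOSTS = {"sheets.googleapis.com"}


def is_sheets_c2(event: Dict) -> bool:
    return event["host"].lower() in SHEETS_HOSTS and event["process"].lower() not in BROWSERS


# --- Rule 3: DLL side-loading ------------------------------------------------
# A validly signed executable pulling an unsigned DLL out of a user-writable
# directory is the classic side-loading shape (Sysmon ImageLoad-style fields).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\", "\\users\\public\\")


def in_user_writable_dir(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def is_sideload(event: Dict) -> bool:
    return (event["process_signed"]
            and not event["dll_signed"]
            and in_user_writable_dir(event["dll_path"]))


def analyse(events: List[Dict]) -> List[Dict]:
    """Run all three rules over a list of event dicts and return the findings."""
    findings = []
    for ev in events:
        if ev["type"] == "email":
            for uri in find_search_ms_lures(ev["body"]):
                findings.append({"rule": "search_ms_lure", "evidence": uri})
        elif ev["type"] == "proxy" and is_sheets_c2(ev):
            findings.append({"rule": "sheets_c2", "evidence": f'{ev["process"]} -> {ev["host"]}'})
        elif ev["type"] == "image_load" and is_sideload(ev):
            findings.append({"rule": "dll_sideload", "evidence": ev["dll_path"]})
    return findings


# Constructed sample telemetry (assumptions, not real indicators).
SAMPLE_EVENTS = [
    {"type": "email",
     "body": r'<a href="search-ms:query=tax%20notice&crumb=location:\\share.example.invalid@SSL\DavWWWRoot&displayname=Tax">View document</a>'},
    {"type": "proxy", "process": "chrome.exe", "host": "sheets.googleapis.com"},      # benign
    {"type": "proxy", "process": "WebExHost.exe", "host": "sheets.googleapis.com"},   # placeholder name
    {"type": "image_load", "process_path": r"C:\Program Files\Vendor\app.exe", "process_signed": True,
     "dll_path": r"C:\Program Files\Vendor\helper.dll", "dll_signed": True},           # benign
    {"type": "image_load", "process_path": r"C:\Users\alice\AppData\Local\Temp\WebExHost.exe",
     "process_signed": True, "dll_path": r"C:\Users\alice\AppData\Local\Temp\launcher.dll",
     "dll_signed": False},
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(f'{finding["rule"]:15} {finding["evidence"]}')
```

Rule 2 is deliberately an allowlist of browsers rather than a blocklist of malware names, because the C2 endpoint is a service the organization may legitimately use; rule 3 will fire on some legitimate software that ships unsigned DLLs under AppData, so treat it as a triage signal and pair it with the loading process's own location and reputation.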
The campaign peaked on Aug. 17, when nearly 6,000 phishing emails were sent in a single day, most of them posing as tax agencies. The emails mimicked institutions such as the US Internal Revenue Service (IRS), the UK’s HM Revenue & Customs and France’s Direction Générale des Finances Publiques, among others, and were written in the native language of the impersonated authority, which adds a further layer of authenticity to the lure.
Despite the elaborate nature of the campaign, its ultimate goal remains unclear. Proofpoint researchers assess that it is most likely espionage, given the backdoor’s intelligence-gathering capabilities and its ability to deploy additional payloads.
Experts note that organizations relying heavily on Google platforms are at particular risk, since the backdoor’s C2 traffic to Google Sheets blends in with their legitimate use of the service. Mayuresh Dani, manager of security research at Qualys Threat Research Unit, points out that without monitoring for specific indicators of compromise, these attacks can easily evade detection.
Moreover, Omri Weinberg, co-founder and CRO at DoControl, emphasizes the importance of establishing clear protocols for handling sensitive requests, especially those related to financial matters. He stresses the need for employee education on recognizing and responding to impersonation attacks effectively.
To shield against such personalized phishing attacks, Jason Soroko, senior fellow at Sectigo, suggests enhancing email filtering systems and training employees to identify and report suspicious emails. Additionally, he advocates for the implementation of strong multi-factor authentication (MFA) and regular updates to reduce exposure to publicly available information.
In conclusion, the evolving landscape of cyber threats necessitates a proactive approach towards cybersecurity. Implementing advanced security measures, such as endpoint detection and response tools, network segmentation, security patches, and data encryption practices, is crucial in safeguarding sensitive information. By staying vigilant and adhering to best practices recommended by experts, organizations can fortify their defenses against sophisticated malware campaigns like Voldemort.
