“Office Monkeys” Russian actor is using hacked netmon services as C&C

The Russian APT actor “Office Monkeys” is able to carry out low-profile attacks against high-value targets after in-depth surveillance. The campaign is currently targeting government organizations, research institutions, and think tanks in democratic countries. The actor uses compromised legitimate websites to host both its spear-phishing landing pages and its command-and-control (C&C) infrastructure. The spear-phishing emails deliver the malware payload either as a password-protected .zip attachment (with the password needed to extract it given in the body of the email) or as a link to a .zip file hosted on a compromised site.
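The lure pattern described above (a password-protected .zip on the mail, the password in the body, or a link to a .zip on a compromised site) is cheap to triage at the gateway, because the ZIP encryption flag is readable without the password. The following Python script is an added example, not code from the original post or from any named vendor: it parses an .eml, flags any attached archive whose entries carry the encryption bit, and extracts password hints from the body. The message, file names, password and the regex for password hints are all invented for the demo, and the "encrypted" sample archive is a plain zip whose flag fields are patched to set the encryption bit (the data is not actually encrypted), which is enough to exercise the detector offline.

```python
"""Triage an .eml for the lure pattern: password-protected .zip attachment
plus the password (or a .zip link) in the message body. Added example."""
import email
import email.policy
import io
import re
import struct
import zipfile
from email.message import EmailMessage

# Bit 0 of the ZIP general-purpose flag field marks an encrypted entry.
ENCRYPTED_FLAG = 0x0001

# Assumption: the wording used by such lures varies; this regex is a guess
# at common phrasings ("the password is X", "code: X"), not from the post.
PASSWORD_RE = re.compile(
    r"\b(?:password|passcode|pass|code)\b\s*(?:is|:)\s*[\"']?([A-Za-z0-9!@#$%^&*_\-]{4,})",
    re.IGNORECASE,
)
ZIP_LINK_RE = re.compile(r"https?://\S+\.zip\b", re.IGNORECASE)


def zip_has_encrypted_entries(blob: bytes) -> bool:
    """True if any central-directory entry has the encryption bit set.
    No decryption is attempted, so this works without the password."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return any(bool(zi.flag_bits & ENCRYPTED_FLAG) for zi in zf.infolist())
    except zipfile.BadZipFile:
        return False


def find_password_hints(body: str) -> list:
    return [m.group(1) for m in PASSWORD_RE.finditer(body)]


def triage_eml(raw: bytes) -> dict:
    """Return the findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    findings = {
        "encrypted_zips": [],
        "password_hints": find_password_hints(body),
        "zip_links": ZIP_LINK_RE.findall(body),
    }
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Check the magic, not the extension: renamed archives are common.
        if payload.startswith(b"PK\x03\x04") and zip_has_encrypted_entries(payload):
            findings["encrypted_zips"].append(part.get_filename() or "<unnamed>")
    # Either half of the lure pattern is enough to pull the mail for review.
    findings["suspicious"] = bool(
        (findings["encrypted_zips"] and findings["password_hints"]) or findings["zip_links"]
    )
    return findings


def build_sample_zip(encrypted_flag: bool) -> bytes:
    """Constructed sample archive. With encrypted_flag=True the flag fields in
    the local header (offset +6) and central-directory header (offset +8) are
    patched to set bit 0; the payload itself is NOT encrypted (demo only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invitation.exe", b"MZ placeholder, not a real executable")
    data = bytearray(buf.getvalue())
    if encrypted_flag:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.index(sig) + off
            flags = struct.unpack_from("<H", data, pos)[0] | ENCRYPTED_FLAG
            struct.pack_into("<H", data, pos, flags)
    return bytes(data)


def build_sample_eml() -> bytes:
    """Constructed lure modelled on the behaviour the post describes;
    addresses, subject, file name and password are invented."""
    msg = EmailMessage()
    msg["From"] = "events@example.org"
    msg["To"] = "analyst@example.net"
    msg["Subject"] = "Post-election briefing"
    msg.set_content("Please find the briefing attached. The password is Briefing2016\n")
    msg.add_attachment(build_sample_zip(True), maintype="application",
                       subtype="zip", filename="briefing.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_eml(build_sample_eml()))
```

In production the hint regex is the weak point (lures phrase the password many ways, or put it in an image), so the encryption flag on the attachment is the stronger signal; a message that carries both is worth pulling for manual review even before the sample is detonated.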

The recent “Post-USA-Election” spear-phishing campaign that the actor has run confirms this general attack pattern. However, on the basis of a quick analysis, this time the “monkeys” are heavily abusing network monitoring services in order to use them as C&C servers.

In addition to the already well-known IoCs, some as-yet-unpublished IoCs for this actor are available in the reserved area. Some samples are still under analysis; results will be added progressively as IoCs.
