{"id":166924,"date":"2024-08-12T08:30:15","date_gmt":"2024-08-12T08:30:15","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=166924"},"modified":"2024-08-12T08:30:17","modified_gmt":"2024-08-12T08:30:17","slug":"eastwind-campaign-targets-russian-organizations","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/166924\/apt\/eastwind-campaign-targets-russian-organizations.html","title":{"rendered":"EastWind campaign targets Russian organizations with sophisticated backdoors"},"content":{"rendered":"
<\/div>\n
A campaign tracked as EastWind is targeting Russian government and IT organizations with the PlugY and GrewApacha backdoors.<\/h2>\n\n\n\n
In late July 2024, Kaspersky researchers detected a series of targeted cyberattacks against the Russian government and IT organizations. Kaspersky named this campaign EastWind.<\/p>\n\n\n\n
Threat actors sent phishing emails with RAR archive attachments containing a Windows shortcut to install malware. The attackers sent commands to the malware via Dropbox, leading to the installation of additional Trojans, such as tools from the APT31 cyber espionage group and an updated version of the CloudSorcerer<\/a> backdoor called GrewApacha.<\/p>\n\n\n\n