Hackers Attacking Organization With New Malware Mimic as Networking Software Updates
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A sophisticated backdoor targeting various large Russian organizations<\/a> across government, finance, and industrial sectors has been uncovered during a cybersecurity investigation in April 2025. <\/p>\n The malware, which masquerades as legitimate updates for ViPNet secure networking software, enables attackers to steal sensitive data and deploy additional malicious components to compromised systems.<\/p>\n The backdoor specifically targets computers connected to ViPNet networks, a popular software suite used for creating secure networks in Russia. <\/p>\n Cybersecurity experts have determined that the malware is distributed inside LZH archives structured to mimic legitimate ViPNet updates, containing a mix of legitimate and malicious files.<\/p>\n \u201cThis attack demonstrates the increasing sophistication of threat actors who exploit trusted software update mechanisms,\u201d said<\/a> a senior cybersecurity analyst familiar with the investigation.<\/p>\n The malicious archives contain several components: an action.inf text file, a legitimate lumpdiag.exe executable, a malicious msinfo32.exe executable, and an encrypted payload file with varying names across different archives. <\/p>\n The attack leverages a path substitution technique\u2014when the ViPNet update service processes the archive, it executes the legitimate file with specific parameters, which then triggers the execution of the malicious msinfo32.exe file.<\/p>\n Once active, the backdoor establishes connections with command and control (C2) servers via TCP protocols, enabling attackers to exfiltrate files from infected computers and execute additional malicious components.<\/p>\n This discovery comes amid increasing cyber espionage activities. Recent reports have identified new advanced persistent threat (APT)<\/a> groups actively targeting government entities using sophisticated techniques that leverage cloud services and public platforms as command and control infrastructure.<\/p>\n Similar patterns of state-sponsored hacking have been observed elsewhere, with cyberattacks linked to broader campaigns against critical institutions.<\/p>\n ViPNet\u2019s developer has confirmed the targeted attacks against their users and has issued security updates and recommendations to mitigate the threat. <\/p>\n Cybersecurity experts emphasize that as APT groups\u2019 tactics become increasingly complex, organizations must implement multi-layered defense strategies.<\/p>\n Organizations using ViPNet networking solutions are strongly advised to:<\/p>\n Security researchers believe sharing these preliminary findings will help at-risk organizations take swift protective measures against this emerging threat that exploits trusted update mechanisms to penetrate secure networks.<\/p>\n SHA256 hashes<\/strong><\/p>\n The post Hackers Attacking Organization With New Malware Mimic as Networking Software Updates<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nAdvanced Threat Landscape<\/strong><\/h2>\n
\n
Indicators of compromise<\/strong><\/h2>\n
018AD336474B9E54E1BD0E9528CA4DB5
28AC759E6662A4B4BE3E5BA7CFB62204
77DA0829858178CCFC2C0A5313E327C1
A5B31B22E41100EB9D0B9A27B9B2D8EF
E6DB606FA2B7E9D58340DF14F65664B8<\/pre>\nMalware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!->\u00a0Get Your Free Copy<\/a><\/code><\/strong><\/p>\n