
Kaspersky discovered cyberattacks that sourced information from GitHub, Quora and social networks to target organizations
To infiltrate victims' devices, the attackers sent spear phishing emails which were disguised as legitimate communications from major state-owned companies, particularly within the oil and gas sector. The text was phrased to look like there was interest in products and services of the victim organization to convince the recipient to open the malicious attachment. The attachment was an archive with what looked like PDF files containing requirements for the requested products and services – but in fact some of these PDFs were executable EXE and DLL files containing malware.
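The disguise described above can be checked for at the mail gateway. The following is an added example, not Kaspersky's code or part of the original release: it inspects each archive member's leading bytes and extension chain rather than trusting the displayed name. It assumes a ZIP archive (the release does not name the archive format or how the files were made to look like PDFs), and the sample member names and contents are constructed.

```python
import io
import zipfile

EXECUTABLE_EXTS = {"exe", "dll", "scr", "com", "cpl"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx"}


def audit_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) for archive members that pose as documents."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.rsplit("/", 1)[-1].lower().split(".")
            ext = parts[-1] if len(parts) > 1 else ""
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS header of EXE and DLL files
            if is_pe and ext not in EXECUTABLE_EXTS:
                reason = "PE content under a non-executable extension"
            elif ext in EXECUTABLE_EXTS and set(parts[1:-1]) & DECOY_EXTS:
                reason = "document extension followed by an executable one"
            elif is_pe or ext in EXECUTABLE_EXTS:
                reason = "executable inside a mail attachment"
            else:
                continue
            findings.append((info.filename, reason))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("requirements.pdf", b"%PDF-1.7\n% constructed decoy\n")
        zf.writestr("specification.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("price_list.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("helper.dll", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in audit_archive(build_sample()):
        print(f"{member}: {reason}")
```

A genuine PDF passes, while the three executable members are each reported with the reason they were flagged, which a gateway can use to quarantine the whole archive.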
The attackers leveraged DLL hijacking techniques and exploited the legitimate Crash reporting Send Utility, which was originally designed to help developers get detailed, real-time crash reports for their applications. To function, the malware also retrieved and downloaded code that was stored in public profiles on popular legitimate platforms to avoid detection. Kaspersky found this code encrypted inside profiles on GitHub, and found links to it (also encrypted) on other GitHub profiles, Microsoft Learn Challenge, Q&A websites, and even Russian social media platforms. All of these profiles and pages were created specifically for this attack. After the malicious code was executed on victims' machines, Cobalt Strike Beacon was launched, and the victims' systems were compromised.
'While we didn't find any evidence of the attackers using real people's social media profiles, as all the accounts were created specifically for this attack, there's nothing stopping the threat actor from abusing various mechanisms these platforms provide. For instance, malicious content strings could be posted in comments on legitimate users' posts. Threat actors are using increasingly complex methods to conceal long-known tools, and it's important to stay up to date with the latest threat intelligence to be protected from such attacks,' comments Maxim Starodubov, Malware Analyst Team Lead at Kaspersky.
The method used to retrieve the download address for the malicious code is similar to what was observed in the EastWind campaign linked to Chinese-speaking actors.
Kaspersky recommends that organizations follow these security guidelines to stay safe:
Track the status of digital infrastructure and continuously monitor the perimeter.
Use proven security solutions to detect and block malware embedded within bulk email.
Train staff to increase cybersecurity awareness.
Secure corporate devices with a comprehensive system, such as Kaspersky Next, that detects and blocks attacks in the early stages.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
