New Cyber Espionage Campaign Targets Indian Users with Multi-Stage Blackmoon Backdoor

Cybersecurity researchers have uncovered an ongoing cyber espionage campaign specifically targeting users in India. The attack utilizes a multi-stage backdoor and leverages sophisticated evasion techniques to achieve persistent access and data exfiltration from compromised systems.

Initial Attack Vector and Malicious Payloads

The campaign begins with phishing emails that impersonate the Income Tax Department of India. These emails trick victims into downloading a malicious archive file. The ultimate objective of the threat actors is to deploy a variant of the Blackmoon (also known as KRBanker) banking trojan and repurpose a legitimate enterprise tool, SyncFuture TSM (Terminal Security Management), for espionage purposes. ...

January 26, 2026 · Comfidentia