
"Russian Cyberattacks Unleash OCEANMAP, MASEPIE, and STEELHOOK Malware on Ukraine"
The Ukrainian Computer Emergency Response Team (CERT-UA) has detected a new phishing campaign by the Russian APT28 group that targets Ukrainian and Polish entities to distribute the novel malware strains OCEANMAP, MASEPIE, and STEELHOOK. These tools are designed to steal sensitive information: MASEPIE enables file transfers and command execution, STEELHOOK extracts web browser data, and OCEANMAP acts as a backdoor for command execution. The campaign uses deceptive emails to initiate the infection and leverages PowerShell and the IMAP protocol for control and persistence. It follows recent reports of APT28 exploiting a critical Outlook security flaw and using war-related lures for other cyberattacks.