A new piece of malware, called Graphiron, has been discovered by the Broadcom-owned security firm Symantec. It is believed to be the work of a Russian-linked espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA). Graphiron is written in the Go programming language and is designed to steal a variety of information from infected computers, including system information, credentials, screenshots, and files.

Nodaria has been active since at least April 2021 and has been using the SaintBot and OutSteel malware in spear-phishing attacks against government entities since January 2022. The group has also deployed custom backdoors such as GraphSteel and GrimPlant in various campaigns since the Russian military invasion of Ukraine.

Graphiron is an improved version of GraphSteel and is capable of running shell commands and harvesting system information, files, credentials, screenshots, and SSH keys. It is also noteworthy that Graphiron is built with Go version 1.18, which was released in March 2022, suggesting that it is a more recent development. The infection chain involves a downloader that retrieves an encrypted payload containing the Graphiron malware from a remote server. According to Symantec, Nodaria is now one of the key players in Russia's ongoing cyber campaigns against Ukraine.
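The Go toolchain version is one of the triage signals the article relies on (Graphiron being built with Go 1.18 is what dates it). Go binaries carry that version in build information the linker embeds, so an analyst can read it without a disassembler. The following is an added example, not code from the article or from Symantec, showing how to pull the version out of a suspect Go binary (ELF, PE or Mach-O) with the standard library's `debug/buildinfo` package and compare it against a minimum minor version; the function names `GoVersionOf` and `BuiltWithAtLeast` are this example's own, and the binary paths on the command line are whatever samples you point it at.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// GoVersionOf returns the Go toolchain version string (e.g. "go1.18.3") embedded
// in a Go binary. debug/buildinfo parses the build information the Go linker
// stores in every binary, so this works on ELF, PE and Mach-O files alike and
// survives symbol stripping. Non-Go binaries produce an error rather than a guess.
func GoVersionOf(path string) (string, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("%s: not a Go binary or unreadable build info: %w", path, err)
	}
	return info.GoVersion, nil
}

// BuiltWithAtLeast reports whether a version string such as "go1.18", "go1.18.3"
// or "go1.18rc1" is at or above "go1.<minor>". Only the minor number is compared,
// which is enough for triage; development builds ("devel ...") report false
// because their version cannot be ordered reliably.
func BuiltWithAtLeast(version string, minor int) bool {
	rest, ok := strings.CutPrefix(version, "go1.")
	if !ok {
		return false
	}
	// Take the leading run of digits: "18.3" -> "18", "18rc1" -> "18".
	end := 0
	for end < len(rest) && rest[end] >= '0' && rest[end] <= '9' {
		end++
	}
	got, err := strconv.Atoi(rest[:end])
	if err != nil {
		return false
	}
	return got >= minor
}

// main triages each binary given on the command line, flagging those built
// with Go 1.18 or newer, the threshold the article uses for Graphiron.
func main() {
	for _, path := range os.Args[1:] {
		v, err := GoVersionOf(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			continue
		}
		fmt.Printf("%s\tgo_version=%s\tbuilt_with_go1.18_or_newer=%t\n",
			path, v, BuiltWithAtLeast(v, 18))
	}
}
```

Run it as `go run . /path/to/sample1 /path/to/sample2`; the version string alone is not an indicator of compromise, but combined with the other behaviours the article lists it helps cluster samples by build age.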
This Cyber News was published on thehackernews.com. Publication date: Wed, 08 Feb 2023 15:02:02 +0000