Unicorn: New Spy Scripts Steal Data from Russian Companies

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A new malware campaign targeting Russian energy companies, factories, and electronic component suppliers has been detected. The malware, distributed via email attachments or Yandex Disk links, uses RAR archives containing LNK files to download and execute malicious HTA files. These files create VBS scripts that establish persistence through registry keys and scheduled tasks. The scripts copy files from the user's home directory and Telegram data, then exfiltrate them to the attacker's server. Unlike typical attacks, this malware remains active, continuously stealing new and modified files. The campaign shows no clear connection to known threat groups and is detected as Trojan-Spy.VBS.Unicorn.

OPENCTI LABELS:

data theft, unicorn

