August 30, 2024 at 01:13PM
The “Voldemort” malware campaign impersonates tax authorities in Europe, Asia, and the US, targeting organizations worldwide. It has affected dozens of organizations, with 20,000+ phishing messages reported. The malware, using Google Sheets for command and control, is designed for data exfiltration and deploying malicious payloads. Experts advise organizations to enhance email filtering, employ multi-factor authentication, and educate employees about impersonation attacks.
Key Points from Meeting Notes:
1. An advanced malware campaign, named “Voldemort,” is targeting organizations globally by impersonating tax authorities in multiple countries.
2. The malware has affected numerous organizations, with over 20,000 reported phishing messages since August 5.
3. The malware is a custom backdoor written in C and designed for data exfiltration and deploying additional malicious payloads.
4. It uses Google Sheets for command and control communications and malicious Windows search protocol in files.
5. The malware leverages a legitimate version of WebEx software to load a DLL that communicates with the control server.
6. The campaign intensified on August 17 with significant phishing email volume impersonating tax agencies such as the IRS, HM Revenue & Customs, and Direction Générale des Finances Publiques.
7. The campaign’s objective appears to be espionage due to Voldemort’s intelligence-gathering capabilities and potential for deploying additional payloads.
8. Organizations using Google platforms are at increased risk, and monitoring for specific indicators of compromise is crucial.
9. Establishing clear protocols for handling sensitive requests, employee education on impersonation attacks, and implementing DMARC and email authentication protocols are essential.
10. Organizations can protect against personalized phishing attacks by enhancing email filtering, training employees, employing strong multi-factor authentication, and implementing robust security measures.
Let me know if you need any further information or if there is anything else you would like to discuss.