Emojis Control the Malware in Discord Spy Campaign

June 17, 2024 at 04:57PM

An advanced persistent threat (APT) from Pakistan is conducting cyber espionage against Indian government organizations using the “Dirty Pipe” Linux bug and the Discord-based malware Disgomoji. The malware takes its commands as emojis, which makes it convenient for its operators but does not materially change how security software detects it. UTA0137 has also been observed exploiting the old Linux bug, so organizations need to keep their operating systems up to date. Access to Discord should be carefully evaluated to reduce the risk of malware infections.

Key takeaways from the article:
1. An advanced persistent threat (APT) from Pakistan is conducting cyber espionage against Indian government organizations using an old Linux bug (CVE-2022-0847) and a Discord-based malware known as Disgomoji, which takes its instructions as emojis.
2. UTA0137 is the group behind the cyber espionage, and it has been successful in compromising high-level targets. The malware, Disgomoji, uses Discord as its command-and-control channel and is driven by emojis to perform various malicious activities.
3. The exploitation of the “Dirty Pipe” bug, despite being publicized two years ago, is still a concern as it affects a Linux distribution with a significant user base in India.
4. Organizations should prioritize network monitoring and ensure that their operating systems are consistently updated to protect against known vulnerabilities such as Dirty Pipe.
5. It is advisable for organizations to assess whether access to Discord is essential for their users and consider blocking it if deemed unnecessary, especially for those likely to be targeted by UTA0137.
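Takeaway 4 asks organizations to verify that their kernels are patched against Dirty Pipe. The script below is an added example, not code from the article or from any of the vendors it mentions: it classifies a `uname -r` string against the upstream affected range of CVE-2022-0847 (introduced in 5.8, fixed in 5.16.11, 5.15.25 and 5.10.102). Because distributions backport fixes into older version numbers, a kernel inside that range is reported as "check_vendor" rather than "vulnerable"; the version boundaries are the only facts assumed here.

```python
"""Heuristic check of a Linux kernel release string against the Dirty Pipe
(CVE-2022-0847) upstream affected range. Distro kernels often carry backported
fixes, so an in-range result must be confirmed against the vendor advisory."""
import platform
import re

# Upstream stable releases carrying the fix, keyed by (major, minor) series.
FIXED_IN = {
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}
INTRODUCED = (5, 8, 0)   # the bug entered the kernel in 5.8


def parse_kernel_version(release: str) -> tuple:
    """Extract (major, minor, patch) from a `uname -r` string such as
    '5.15.0-91-generic'. A missing patch level counts as 0."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def dirty_pipe_status(release: str) -> str:
    """Return 'not_affected', 'fixed_upstream' or 'check_vendor'.

    'check_vendor' means the upstream version number falls inside the affected
    range; whether the running distro kernel is patched depends on backports."""
    ver = parse_kernel_version(release)
    if ver < INTRODUCED:
        return "not_affected"
    fixed = FIXED_IN.get(ver[:2])
    if fixed is not None:
        return "fixed_upstream" if ver >= fixed else "check_vendor"
    # Series without a dedicated fix release: 5.17 and later shipped with the
    # fix; the end-of-life series 5.8-5.9 and 5.11-5.14 were never fixed upstream.
    return "fixed_upstream" if ver >= (5, 17, 0) else "check_vendor"


if __name__ == "__main__":
    current = platform.release()
    print(f"{current}: {dirty_pipe_status(current)}")
```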

These takeaways highlight the urgency for organizations to address the specific threats posed by the APT from Pakistan and to take proactive measures to protect against cyber espionage and malware attacks.
