Russian Cyberespionage Group Targets Ukraine with BadPaw and MeowMeow Malware Campaign
A phishing campaign linked to Russia targets Ukrainian organizations using BadPaw and MeowMeow malware. The attack starts with a phishing email containing a ZIP link, which, when opened, executes an HTA file that lures victims with messages about border crossing appeals while initiating malware deployment. BadPaw serves as a .NET-based loader that communicates with remote servers to install the MeowMeow backdoor. The operation exhibits tactics consistent with Russian cyber operations, including environmental checks to avoid detection.
Theia Market Signal Identification - AI Assisted
Researchers identified a phishing campaign connected to a Russian cyberespionage group targeting Ukrainian organizations with two malware families: BadPaw and MeowMeow. The attack begins with a phishing email linking to a ZIP archive that, when opened, runs an HTA file displaying a lure about border crossing appeals.
This leads to the download of BadPaw, a .NET-based loader that communicates with a command-and-control server to install MeowMeow, a sophisticated backdoor. Both malware strains employ .NET Reactor for obfuscation and incorporate defense mechanisms such as environmental checks to detect analysis tools. The campaign is attributed to a Russia-linked threat actor with moderate confidence.
Comments