A new zero-day vulnerability, CVE-2024-43451, was discovered by ClearSky Cyber Security in June 2024. This vulnerability affects Windows systems and is being actively exploited in attacks against Ukrainian entities. The vulnerability activates URL files containing malicious code through seemingly innocuous actions: The malicious URL files were disguised as academic certificates and were initially observed being […]
Read MoreDoppelgänger NG | Russian Cyberwarfare campaign
ClearSky Cyber Security and SentinelLabs have discovered a new wave of Russian information warfare campaign named Doppelgänger NG. “Doppelgänger” (meaning spirit double, an exact but usually invisible replica) is a global information warfare campaign publishing false information on hundreds of fake websites and social media channels.Our research revealed that “Doppelgänger NG” is again fully operational […]
Read MoreOperation ‘Kremlin’
Introduction ClearSky researchers identified a malicious “.docx” file that was uploaded to VirusTotal from Russia in mid-December. The file contains an obfuscated URL to a remote template which contains malicious VBA, eventually leading to the execution of VBS on the infected machine. The attack’s purpose is to stealthily exfiltrate information without running any external executables […]
Read More