Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Azerbaijan Targeted in Rust Malware

September 20, 2023
Reading Time: 2 mins read
in Alerts

In a recent cybersecurity development, a new campaign named “Operation Rusty Flag” has emerged, with Azerbaijan being the primary target of a sophisticated Rust-based malware deployment. Cybersecurity experts from Deep Instinct have been closely monitoring this operation, which has not been directly associated with any known threat actor or group. This campaign exhibits a high level of complexity, featuring at least two distinct initial access vectors.

One particularly noteworthy aspect is the use of a modified document previously employed by the Storm-0978 group, raising suspicions of a potential “false flag” operation.

The attack chain within Operation Rusty Flag is multifaceted, utilizing an LNK file named 1.KARABAKH.jpg.lnk as a launchpad to access a second-stage MSI installer hosted on Dropbox. This installer, upon execution, deploys a Rust-written implant, an XML file for scheduling tasks to execute the implant, and a decoy image file adorned with watermarks of the Azerbaijan Ministry of Defense symbol.

An alternative infection vector involves a Microsoft Office document titled “Overview_of_UWCs_UkraineInNATO_campaign.docx,” exploiting a six-year-old memory corruption vulnerability (CVE-2017-11882) in Microsoft Office’s Equation Editor. This leverages a Dropbox URL to introduce a different MSI file, serving a variant of the same Rust backdoor.

Notably, the use of “Overview_of_UWCs_UkraineInNATO_campaign.docx” as a lure is significant, as it bears the same filename previously utilized by Storm-0978 in recent cyberattacks targeting Ukraine, capitalizing on an Office remote code execution flaw (CVE-2023-36884). This similarity suggests an intentional attempt to mislead and attribute the attack to Storm-0978, indicating a potential false flag operation.

The Rust-based backdoor, one of which disguises itself as “WinDefenderHealth.exe,” possesses the ability to gather data from compromised systems and transmit it to a server controlled by the attackers.

While the precise objectives of Operation Rusty Flag remain uncertain, there is speculation that it may be a red team exercise, testing the waters with this evolving malware. Security experts note that Rust is gaining popularity among malware authors, and existing security products struggle to accurately detect Rust-based threats due to the complexity of reverse engineering involved in identifying such malware.

Reference:
  • Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets
Tags: Alerts 2023AzerbaijanCyber AlertCyber Alerts 2023CybersecurityMalwareOperation Rusty FlagRustRust-based malwareSeptember 2023
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial