Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Azerbaijan Targeted in Rust Malware

September 20, 2023
Reading Time: 2 mins read
in Alerts

In a recent cybersecurity development, a new campaign named “Operation Rusty Flag” has emerged, with Azerbaijan being the primary target of a sophisticated Rust-based malware deployment. Cybersecurity experts from Deep Instinct have been closely monitoring this operation, which has not been directly associated with any known threat actor or group. This campaign exhibits a high level of complexity, featuring at least two distinct initial access vectors.

One particularly noteworthy aspect is the use of a modified document previously employed by the Storm-0978 group, raising suspicions of a potential “false flag” operation.

The attack chain within Operation Rusty Flag is multifaceted, utilizing an LNK file named 1.KARABAKH.jpg.lnk as a launchpad to access a second-stage MSI installer hosted on Dropbox. This installer, upon execution, deploys a Rust-written implant, an XML file for scheduling tasks to execute the implant, and a decoy image file adorned with watermarks of the Azerbaijan Ministry of Defense symbol.

An alternative infection vector involves a Microsoft Office document titled “Overview_of_UWCs_UkraineInNATO_campaign.docx,” exploiting a six-year-old memory corruption vulnerability (CVE-2017-11882) in Microsoft Office’s Equation Editor. This leverages a Dropbox URL to introduce a different MSI file, serving a variant of the same Rust backdoor.

Notably, the use of “Overview_of_UWCs_UkraineInNATO_campaign.docx” as a lure is significant, as it bears the same filename previously utilized by Storm-0978 in recent cyberattacks targeting Ukraine, capitalizing on an Office remote code execution flaw (CVE-2023-36884). This similarity suggests an intentional attempt to mislead and attribute the attack to Storm-0978, indicating a potential false flag operation.

The Rust-based backdoor, one of which disguises itself as “WinDefenderHealth.exe,” possesses the ability to gather data from compromised systems and transmit it to a server controlled by the attackers.

While the precise objectives of Operation Rusty Flag remain uncertain, there is speculation that it may be a red team exercise, testing the waters with this evolving malware. Security experts note that Rust is gaining popularity among malware authors, and existing security products struggle to accurately detect Rust-based threats due to the complexity of reverse engineering involved in identifying such malware.

Reference:
  • Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets
Tags: Alerts 2023AzerbaijanCyber AlertCyber Alerts 2023CybersecurityMalwareOperation Rusty FlagRustRust-based malwareSeptember 2023
ADVERTISEMENT

Related Posts

Hackers Use Leaked Shellter License Malware

Windows BitLocker Vulnerability Flaw

July 9, 2025
Hackers Use Leaked Shellter License Malware

Hackers Use Leaked Shellter License Malware

July 9, 2025
Hackers Use Leaked Shellter License Malware

Anatsa Android Trojan Targets 90K Users

July 9, 2025
AMOS Mac Stealer Adds Persistent Backdoor

AMOS Mac Stealer Adds Persistent Backdoor

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

NordDragonScan Malware Steals Windows Data

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

New Ransomware BERT Targets ESXi Systems

July 8, 2025

Latest Alerts

Windows BitLocker Vulnerability Flaw

Anatsa Android Trojan Targets 90K Users

Hackers Use Leaked Shellter License Malware

New Ransomware BERT Targets ESXi Systems

NordDragonScan Malware Steals Windows Data

AMOS Mac Stealer Adds Persistent Backdoor

Subscribe to our newsletter

    Latest Incidents

    Credit Reports Breached And Sold On Dark Web

    Recruiting Software Exposed 26M Resumes

    Norwegian Municipalities Hit by Data Breach

    French Chip Firm Semco Hacked During IPO

    Louis Vuitton Korea Hit By Cyberattack

    Virginia School District Hit By Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial