PlugY

Malware updated a month ago (2024-08-14T10:01:56.270Z)
PlugY is a newly identified malware deployed by cyber attackers to infiltrate systems and cause significant damage. Like other malicious software of its kind, it can enter a system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. PlugY is particularly insidious because it is delivered through the CloudSorcerer backdoor, which makes it difficult to detect and prevent.

The malware has been used in a campaign tracked as EastWind, which specifically targets Russian government and IT organizations. In these attacks, PlugY operates alongside another backdoor known as GrewApacha; the combination of the two increases the risk of data theft and operational disruption within these high-value targets.

PlugY stands out for its functionality: it supports multiple commands and uses three different protocols for command-and-control (C2) communications, which adds to its stealth and adaptability. This versatility lets it evade a range of security measures and maintain persistent access to infected systems. Detection and response efforts therefore need to be strengthened to identify and counter this threat effectively.
Description last updated: 2024-08-14T09:00:44.517Z
Aliases: none currently tracked.
Miscellaneous Associations (other context that could aid in assessing relevance): Backdoor, Implant
Associated Threat Actors
Each entry lists the actor, the association type, the vote count, and a profile excerpt.
CloudSorcerer (association type unspecified; 3 votes)
CloudSorcerer is a newly identified threat actor discovered by Kaspersky, which targets Russian government entities using cloud services for command and control (C2) infrastructure. Similar to the previously reported CloudWizard Advanced Persistent Threat (APT), CloudSorcerer leverages public cloud
APT27 (association type unspecified; 2 votes)
APT27, also known as Iron Taurus, is a threat actor group suspected to be attributed to China. Engaging in cyber operations with the primary goal of intellectual property theft, APT27 targets organizations globally, with a focus on North and South America, Europe, and the Middle East. The group's mo
Source Document References
Information about the PlugY malware was read from the document corpus below (this display is limited to 20 results).
Source, created, title:
DARKReading, a month ago: 'EastWind' Cyber Spy Campaign Combines Various Chinese APT Tools
Securelist, a month ago: EastWind campaign distributes CloudSorcerer and two APT tools
Securityaffairs, a month ago: EastWind campaign targets Russian organizations with sophisticated backdoors