A Russian-speaking threat actor has been identified impersonating the Electronic Frontier Foundation (EFF) to target Albion Online players through sophisticated phishing tactics and malware deployment. The campaign employs Stealc and Pyramid C2 malware to steal credentials and compromise player accounts, posing risks such as unauthorized access and loss of in-game assets. Affected: Albion Online players
Keypoints :
- A Russian-speaking threat actor is impersonating the Electronic Frontier Foundation (EFF).
- The attackers target players of Albion Online using phishing tactics.
- Stealc and Pyramid C2 malware are used to steal credentials and exfiltrate in-game assets.
- The campaign deploys decoy documents and phishing emails to compromise victim accounts.
- Malware functionality includes stealing sensitive data and maintaining persistent access to systems.
- The impact includes unauthorized access, financial losses, and potential fraudulent activities.
- Mitigation strategies involve user awareness, endpoint protection, and multi-factor authentication.
MITRE Techniques :
- T1071 (Application Layer Protocol): Malware communicates with C2 server using standard web protocols (HTTP/HTTPS).
- T1203 (Exploitation for Client Execution): Phishing emails and decoy documents trick users into executing malicious payloads.
- T1070 (Indicator Removal on Host): Malware removes indicators of compromise, such as logs and temporary files.
- T1064 (Scripting): Attackers use scripts to automate malware deployment and execution.
- T1070.003 (Indicator Removal on Host: File Deletion): Uses specific file deletion techniques to remove traces of malware.
- T1071.001 (Application Layer Protocol: Web Protocols): Web protocols are used for covert C2 communication.
Indicator of Compromise :
- [Malware] Stealc
- [Malware] Pyramid C2