"New DownEx Malware Campaign Targets Central Asia"

According to a report by Bitdefender, a previously undocumented malware campaign called DownEx has been targeting government institutions in Central Asia for cyber espionage. The first instance of the malware was discovered in 2022 during a highly targeted attack aimed at exfiltrating data from Kazakhstan's foreign government institutions. Researchers observed another attack in Afghanistan. Bitdefender noted that the domain and IP addresses involved do not appear in any previously documented incidents, and that the malware shares no code similarities with previously identified malware. Researchers believe that a state-sponsored group is responsible for these incidents, based on the specific targets of the attacks, the document metadata that impersonates a real diplomat, and the primary focus on data exfiltration. Although the attacks have not been attributed to any specific threat actor, a Russian group is likely responsible. Bitdefender said that the use of a cracked version of Microsoft Office 2016 prevalent in Russian-speaking countries is an indication of the attack's origin, adding that it is unusual to see the same backdoor written in two languages. This was previously observed with the Russian-based group APT28 and their backdoor Zebrocy. This article continues to discuss the new DownEx malware campaign.

CSO Online reports "New DownEx Malware Campaign Targets Central Asia"

Submitted by Anonymous on