Attackers hacked the IT systems of the Azerbaijan government

Attackers hacked Azerbaijan IT systems
Written by Emma Davis

Security researchers from Cisco Talos have reported about a malware campaign, in which attackers secretly hacked IT systems of the Azerbaijan government and stole data from passports of some officials.

Cyber espionage often coincides with the intensification of hostilities. Days after the Azerbaijani president called for the mobilization of reserve soldiers, hackers used a fake government document on the same topic as bait in their attacks.

Malicious code embedded in a document is capable of stealing data from a compromised computer and providing hackers with constant access to the device.

As the geopolitical tensions grow in Azerbaijan with neighbouring countries, this is no doubt a stage of espionage with national security implications being deployed by a malicious actor with a specific interest in various Azerbajiani government departments.conclude Cisco Talos specialists.

Experts discovered the spy group in April this year. The criminals’ malware was nameds PoetRAT because the code was full of literary references.

The macro still contains literature references as on the previous version we documented. This time, the text is from the novel “The Brothers Karamazov” by Fyodor Dostoevsky (a Russian writer).say the researchers.

In previous campaigns, the malicious document downloaded the Python interpreter and the PoetRAT malware, which used pyminifier to obfuscate the Python script and prevent detection based on string or YARA rules.

Attackers hacked Azerbaijan IT systems
Now the new version of the malware creates a ZIP file on the target system and executes the Lua script in this archive. The archive contains the Lua payload and luajit (the Lua interpreter for Windows). The script downloads and executes additional payload.

Talos experts did not say who was responsible for the cyber attacks and how many Azerbaijani government officials were affected.

But it is reported that given the recent geopolitical events in Azerbaijan, cyber attacks can be expected. The PoetRAT malware was used against this country a few months ago, and new campaigns from this attacker emerged after the armed conflict.

Latest Evolution PoetRAT showcased the evolution from Python to Lua.

The code is easy to parse – no big deal, but our analysis showed us that campaigns are effective. An attacker gained access to confidential documents from compromised systems, even if the technical aspects of the attack and the hacker software are not very advanced.said Cisco Talos representatives.

Let me remind you that we talked about how Russian hackers tried to steal COVID-19 research data, and also, according to Microsoft, attacked anti-doping agencies.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply