Russian hackers suspected of using new malware

The cyber security company Mandiant has discovered that the hacker group Nobelium, which is suspected of having links to the Russian state, has developed its own downloader, Ceeloader. This was first reported by Bleeping Computer. Ceeloader is written in C and makes it possible to run shellcode payloads directly in memory.

The malware is installed through Cobalt Strike and is reportedly difficult for security software to detect because it mixes its calls to the Windows API with large amounts of junk code. Communication takes place over HTTP, and the responses from the C2 server are encrypted with AES-256 in CBC mode.

According to Mandiant, Nobelium’s activities reportedly focus on collecting information that is of political interest to the Russian state. The group does this by first infiltrating cloud providers and IT operations companies and then moving on to those providers’ customer networks.


