{"id":1932,"date":"2021-05-31T14:48:38","date_gmt":"2021-05-31T09:18:38","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=1932"},"modified":"2021-06-07T11:36:48","modified_gmt":"2021-06-07T06:06:48","slug":"recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/","title":{"rendered":"Recently Microsoft revealed that Russian hacker used 4 new malwares in USAID Phishing!"},"content":{"rendered":"\n<p><p style=\"text-align: justify\">Microsoft discovered four new malware families used by Russian hacking groups in recent phishing attacks impersonating the United States Agency for International Development (USAID).<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">\u201cA Russian-backed hacking group APT29, also known as Nobelium, had negotiate the Contact account for USAID,\u201d the Microsoft Threat Intelligence Center (MSTIC) disclosed on Thursday night.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">By accessing this genuine marketing account, the attackers impersonated USAID in phishing emails sent to more than 3,000 email accounts at more than 150 distinct organizations. 
Government agencies and organizations devoted to international development, humanitarian, and human rights work were among the targets.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"788\" height=\"1024\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image1-788x1024.png\" alt=\"\" class=\"wp-image-1934\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image1-788x1024.png 788w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image1-231x300.png 231w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image1-768x998.png 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image1.png 1074w\" sizes=\"(max-width: 788px) 100vw, 788px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Nobelium is using a New Trojan<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">On Friday night, Microsoft released an article providing details on all four new malware families used by Nobelium in these new attacks.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">The four new families consist of an HTML attachment named \u2018EnvyScout,\u2019 a downloader named \u2018BoomBox,\u2019 a loader named \u2018NativeZone,\u2019 and a launcher and shellcode downloader known as \u2018VaporRage.\u2019<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>HTML Attachment \u2013 EnvyScout<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">This is a malicious 
HTML\/JS file attachment used in spear-phishing emails that tries to steal the NTLM credentials of Windows accounts and drops a malicious ISO on the targeted machine.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">Distributed as a file named NV.html, the HTML file, when launched, will try to load an image from a file:\/\/ URL. When doing this, Windows may send the logged-in user\u2019s Windows NTLM credentials to the remote site, which threat actors can capture and brute-force to recover the plain-text password.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"488\" height=\"94\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image5.jpg\" alt=\"\" class=\"wp-image-1935\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image5.jpg 488w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image5-300x58.jpg 300w\" sizes=\"(max-width: 488px) 100vw, 488px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">\u201cThe attachment is also used to change an encoded text blob into a venomous ISO saved as NV.img to the local file system,\u201d Microsoft said.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">Microsoft explains that at this phase of the infection, the user is expected to open the downloaded ISO, NV.img, by double-clicking on it. 
<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"583\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image2-1024x583.jpg\" alt=\"\" class=\"wp-image-1936\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image2-1024x583.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image2-300x171.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image2-768x437.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image2.jpg 1322w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">When the ISO image is opened, Windows shows the user a shortcut named NV that runs the hidden BOOM.exe, which is a member of the new malware family discussed below.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"164\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image3-1024x164.jpg\" alt=\"\" class=\"wp-image-1937\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image3-1024x164.jpg 1024w, 
https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image3-300x48.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image3-768x123.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image3.jpg 1248w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">Security researchers detected another phishing operation pretending to be from the Embassy of Belgium that used these same malicious attachments.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"741\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image4-1024x741.jpg\" alt=\"\" class=\"wp-image-1938\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image4-1024x741.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image4-300x217.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image4-768x556.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-Image4.jpg 1246w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Downloader \u2013 BoomBox<\/strong><\/h3>\n\n\n\n<p><p style=\"text-align: justify\">Microsoft is 
tracking the BOOM.exe file in the ISO image as BoomBox and explains that it is used to download two encrypted malware files to the infected device from Dropbox.<\/p><\/p>\n\n\n\n<p>After decoding the downloaded files, BoomBox will save them as:<\/p>\n\n\n\n<p>%AppData%\\Microsoft\\NativeCache\\NativeCacheSvc.dll and %AppData%\\SystemCertificates\\CertPKIProvider.dll, and runs them using rundll32.exe.<\/p>\n\n\n\n<p>NativeCacheSvc.dll is configured to run when a user logs into Windows and is used to run CertPKIProvider.dll.<\/p>\n\n\n\n<p><p style=\"text-align: justify\">In the final phase, the BoomBox trojan collects data about the Windows domain, encodes the collected data, and then sends it to a remote server under the attacker\u2019s control. Microsoft states that \u201cAs the final exploration step, if the device is domain-joined, BoomBox runs an LDAP query to collect information such as prominent name, SAM account name, email and display name of all the domain users by the filter (&amp;(objectClass=user)(objectCategory=person)).\u201d<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Loader \u2013 NativeZone<\/strong><\/h3>\n\n\n\n<p>Microsoft identifies the NativeCacheSvc.dll file as a new malware loader named \u2018NativeZone.\u2019 This malicious Trojan is dropped and configured by BoomBox to start automatically when a user logs into Windows. 
When launched via rundll32.exe, it will run the CertPKIProvider.dll malware that Microsoft identifies as \u2018VaporRage.\u2019<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Launcher and Shellcode Downloader \u2013 VaporRage<\/strong><\/h3>\n\n\n\n<p><p style=\"text-align: justify\">The fourth malware family is called \u2018VaporRage,\u2019 and it is the CertPKIProvider.dll file already discussed in the NativeZone section above.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">When run, the malware connects back to a remote command and control server, where it first registers itself with the threat actor and then repeatedly connects back to the remote site to download shellcode. When shellcode is downloaded, the malware runs it to carry out various malicious activities, including the setup of Cobalt Strike beacons.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How Is This Attack Connected with SolarWinds?<\/strong><\/h3>\n\n\n\n<p><p style=\"text-align: justify\">The hacking group behind these attacks is believed to be the same group behind the SolarWinds supply chain attack.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">This group is tracked as Nobelium (Microsoft), UNC2452 (FireEye), StellarParticle (CrowdStrike), SolarStorm (Palo Alto Unit 42), and Dark Halo (Volexity). SolarWinds stated that the attack has cost it $3.5 million in expenses and that it expects additional costs as time goes on. The US government formally named the Russian Foreign Intelligence Service (tracked as APT29, The Dukes, or Cozy Bear) as the group behind the SolarWinds attack.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft discovered new four malware families used by Russian hacking groups in recent phishing attacks portraying the United States Agency for International Development (USAID). 
\u201cA Russian-backed hacking group APT29, also known as Nobelium, had negotiate the Contact account for USAID\u201d disclosed by the Microsoft Threat Intelligence Center (MSTIC) on Thursday night. By accessing this genuine [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1941,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing! - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing! - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Microsoft discovered new four malware families used by Russian hacking groups in recent phishing attacks portraying the United States Agency for International Development (USAID). \u201cA Russian-backed hacking group APT29, also known as Nobelium, had negotiate the Contact account for USAID\u201d disclosed by the Microsoft Threat Intelligence Center (MSTIC) on Thursday night. 
By accessing this genuine [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-31T09:18:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T06:06:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-featured-Image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing!\",\"datePublished\":\"2021-05-31T09:18:38+00:00\",\"dateModified\":\"2021-06-07T06:06:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/\"},\"wordCount\":732,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Infosec News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/\",\"url\":\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/\",\"name\":\"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing! 
- Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-05-31T09:18:38+00:00\",\"dateModified\":\"2021-06-07T06:06:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing! 
- Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/","og_locale":"en_US","og_type":"article","og_title":"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing! - Xiarch Solutions Private Limited","og_description":"Microsoft discovered new four malware families used by Russian hacking groups in recent phishing attacks portraying the United States Agency for International Development (USAID). \u201cA Russian-backed hacking group APT29, also known as Nobelium, had negotiate the Contact account for USAID\u201d disclosed by the Microsoft Threat Intelligence Center (MSTIC) on Thursday night. By accessing this genuine [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-05-31T09:18:38+00:00","article_modified_time":"2021-06-07T06:06:48+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/05\/Recently-Microsoft-reveled-that-Russian-hacker-used-4-new-malwares-in-USAID-phishing-featured-Image.png","type":"image\/png"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing!","datePublished":"2021-05-31T09:18:38+00:00","dateModified":"2021-06-07T06:06:48+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/"},"wordCount":732,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Infosec News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/","url":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/","name":"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing! 
- Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-05-31T09:18:38+00:00","dateModified":"2021-06-07T06:06:48+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/recently-microsoft-reveled-that-russian-hacker-used-4-new-malwares-in-usaid-phishing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Recently Microsoft reveled that Russian hacker used 4 new malwares in USAID Phishing!"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1932"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=1932"}],"version-history":[{"count":5,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1932\/revisions"}],"predecessor-version":[{"id":1948,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1932\/revisions\/1948"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/1941"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=1932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=1932"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=1932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}