Menlo Labs has observed a threat actor conducting PureCrypter-enabled attacks against government agencies. Utilizing a compromised non-profit’s website, researchers tracked multiple attempts to infect government agencies through ZIP files containing PureCrypter distributed through Discord who were primed to upload a secondary payload from a compromised non-profit organization’s network. After analyzing the potential chain of infection, they found 106 other attacks that utilized similar behaviors.

Overall, the government sector is facing a rise in popularity as a target for threat actors, likely because of the rise of state-sponsored activity due to the Ukrainian War. As this campaign demonstrates, non-profits and other organizations associated with government agencies are third parties that could be targeted by state actors as they work to compromise federal, state, and local networks. Read more at Infosecurity Magazine.