The Computer Emergency Response Team of Ukraine (CERT-UA) has recently issued a warning about a new wave of social engineering cyberattacks that distribute the IcedID malware and employ Zimbra exploits to steal sensitive data.
More Information about the IcedID Phishing Attacks
According to the agency, the IcedID phishing attacks are linked to a threat cluster tracked as UAC-0041. The infection chain begins with an email carrying a Microsoft Excel document (Мобілізаційний реєстр.xls, or Mobilization Register.xls). If the document is opened, the user is prompted to enable macros; doing so runs the GzipLoader malware, which fetches, decrypts, and executes the final payload, IcedID.
IcedID is a banking trojan that can be employed to steal account credentials or as a loader for other malware such as Cobalt Strike, ransomware, wipers, and more.