In mid-2023, WithSecure identified several artifacts from an intrusion set likely linked to Russian APT activity. One of these artifacts was a previously unknown backdoor/dropper detected at an Estonian logistics company in late 2022. During analysis, WithSecure found two additional versions of the dropped backdoor that had been submitted to VirusTotal from Ukraine in mid-2022 and mid-2023; one of these was packaged together with a scheduled task file, taken from an infected machine, that launched the backdoor.