
Researchers warn of sophisticated ‘Voldemort’ malware targeting multiple industries: Report

The campaign impersonated tax authorities from various countries, including the UK’s HM Revenue & Customs, to distribute the malware

The Voldemort malware, written in C, possesses capabilities for information gathering and payload delivery. Image: Shutterstock

Cybersecurity firm Proofpoint has uncovered a widespread malware campaign targeting organisations globally.

The campaign, which began in August 2024, utilises a novel attack chain to deliver custom malware dubbed ‘Voldemort’.

Researchers at Proofpoint identified over 20,000 messages affecting more than 70 organisations worldwide. The campaign impersonated tax authorities from various countries, including the UK’s HM Revenue & Customs, to distribute the malware.

Voldemort malware: New cyber threat targets global organisations

“Proofpoint assesses with moderate confidence this is likely an advanced persistent threat (APT) actor with the objective of intelligence gathering,” the firm stated in its report.

The Voldemort malware, written in C, possesses capabilities for information gathering and payload delivery.

Researchers observed Cobalt Strike hosted on the actor’s infrastructure, suggesting it as a potential payload.

The campaign targeted 18 different sectors, with insurance companies comprising nearly a quarter of the affected organisations. Aerospace, transportation, and university entities made up the remainder of the top 50 percent of targeted organisations.

Proofpoint noted the campaign’s unusual nature, combining sophisticated capabilities with basic techniques.

“The Frankensteinian amalgamation of clever and sophisticated capabilities, paired with very basic techniques and functionality, makes it difficult to assess the level of the threat actor’s capability and determine with high confidence the ultimate goals of the campaign,” the report said.

While the campaign bears similarities to cybercriminal activities, Proofpoint suggests it is likely espionage-driven.

The firm recommends several defensive measures, including restricting access to external file-sharing services and blocking network connections to TryCloudflare where unnecessary.
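As an added illustration of the second recommendation (this is example code written for this article, not part of Proofpoint's report or tooling), the following Python script scans outbound proxy log lines and flags hosts under the Cloudflare quick-tunnel domain trycloudflare.com. The log line format, the sample log lines and the placeholder file-sharing domain are constructed assumptions; the report does not name specific file-sharing services. The suffix check is written so that look-alike hosts such as `nottrycloudflare.com` or `trycloudflare.com.evil.example` are not matched.

```python
"""Flag outbound connections to TryCloudflare tunnel hostnames in proxy logs.

Added example for this article; not code from Proofpoint or the report.
The log line format and the file-sharing domain are assumptions.
"""
import re
from dataclasses import dataclass

# trycloudflare.com is the real Cloudflare quick-tunnel domain mentioned in the
# article. The second entry is a constructed placeholder standing in for the
# "external file-sharing services" class; the report names no such domain.
WATCHED_SUFFIXES = {
    "trycloudflare.com": "cloudflare-quick-tunnel",
    "example-fileshare.test": "external-file-sharing",  # placeholder, assumed
}

# Assumed proxy log line shape: "<timestamp> <client_ip> <method> <host> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    host: str
    category: str


def host_matches(host: str, suffix: str) -> bool:
    """True only for the suffix itself or a genuine subdomain of it.

    A plain substring or endswith() test would also match
    'nottrycloudflare.com' or 'trycloudflare.com.evil.example';
    anchoring on the dot boundary avoids both false positives.
    """
    host = host.lower().rstrip(".")  # normalise case and trailing FQDN dot
    return host == suffix or host.endswith("." + suffix)


def classify(host: str):
    """Return the watch-list category for a host, or None if unwatched."""
    for suffix, category in WATCHED_SUFFIXES.items():
        if host_matches(host, suffix):
            return category
    return None


def scan(lines):
    """Parse log lines and return a Finding for each watched destination."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the scan
        category = classify(m["host"])
        if category:
            findings.append(Finding(m["ts"], m["src"], m["host"], category))
    return findings


# Constructed sample log; none of these addresses or hosts come from the report.
SAMPLE_LOG = """\
2024-08-20T09:01:02Z 10.0.4.15 GET www.gov.uk 200
2024-08-20T09:01:09Z 10.0.4.15 GET quiet-river-1234.trycloudflare.com 200
2024-08-20T09:01:11Z 10.0.4.22 GET nottrycloudflare.com 200
2024-08-20T09:01:15Z 10.0.4.22 POST trycloudflare.com.evil.example 200
2024-08-20T09:01:20Z 10.0.4.31 GET upload.example-fileshare.test 302
garbage line
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.ts} {f.src} -> {f.host} [{f.category}]")
```

Run as-is, the script reports only the second and fifth sample lines. A production version would read from the proxy's real export format and feed findings into the SIEM; the point here is that "blocking where unnecessary" first requires an inventory of which internal hosts legitimately reach these services, which this kind of scan provides.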
