EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

A spear-phishing campaign codenamed EastWind targets Russian government and IT organizations. It delivers malware, including the GrewApacha backdoor and a newly discovered one called PlugY, via a booby-trapped Windows shortcut (LNK) file. The malware is used for monitoring, data collection, and exfiltration. Cybersecurity firm Kaspersky highlighted similarities to known backdoors linked to China-based threat groups and noted that the attackers used popular network services as command-and-control servers. Kaspersky also detailed a separate attack aimed at a Russian gas supply site.
Source: thehackernews.com