Call 24/7: +1 (800) 972-3282

Cannon Malware Attacks European, American Users

Bogdan Glushko

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.

Socials:

Hard Drive Failures: What to Look for and How to Fix It
Bogdan Glushko

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.

Socials:

I think there's an issue with my storage device, but I'm not sure Start a free evaluation →

I need help getting my data back right now Call now (800) 972-3282

Palo Alto Network’s Unit 42 Research Unit reported their discovery of weaponized documents containing remote templates embedded with a malicious macro. This trojan malware called Cannon, comes from the hacking group APT28, which has close ties to the Kremlin, according to ZDNet.

Cannon Malware in Action

What distinguishes Cannon from other malware deployments is its novel email-based C2 communication channel. One reason why the hackers might use this deployment strategy is to evade detection since email providers don’t view this activity as suspicious.

To entice people to comply, the malware uses current events. Right now, the phishing scam involves receiving an email pertaining to the Lion air crash. The email contains a Microsoft Word file named Lion Air Boeing 737.docx with the author ‘Joohn.’

Let’s go down the rabbit hole a bit further. If you decide to click on the Microsoft Word attachment, a message appears on your screen stating the document you are trying to view is under an old version of Microsoft Word so it will ask you to allow macros to view the material.

If you enable macros, it’s the code conduit by which the malware infects your device. Compounding matters more are the fact the malware won’t appear on your device until after you closed Microsoft Word.

ZDNet notes the Cannon malware uses a command and control server to issue instructions to the malware. One of the malware’s trademarks includes taking screenshots of the infected device every 10 seconds. It also logs all system information every five minutes. The malware emails the screenshots and system information to one of three accounts operated by a Czech Republic server, according to ZDNet.

The malware targets users across Europe and the United States, placing close attention to government agencies. As you can imagine, with the malware’s ability to read full system information and log activity every 10 seconds, if hackers are able to break in they’ll have a treasure trove of data at their fingertips.

627337-636340673394962108-16x9

Illustration by Lynda.com

Tips to Avoid Malware Infection 

While effective, you can avoid downloading the Cannon malware. The simplest way to evade their grasp is to refrain from opening email attachments. While enticing because the material is still fresh, it’s important to stop and think about why someone sends you an attachment when there’s ample material online you can read through news websites.

Two, many phishing email scams have telltale signs. Often, this involves making spelling and grammar mistakes in its messaging. You can also use this as an opportunity to research the email before clicking on the link. As part of this, study the sender’s address.

If it’s someone you don’t know, then it’s best to refrain from clicking the attachment. And to be safe, if someone you know emails you an attachment, contact them beforehand to verify they did so.

Once installed, any form of malware can render your files inaccessible. If this happens, you need a team of recovery experts to help you regain your data. Our staff at SALVAGEDATA is adept at recovering files from malware-infected devices in a timely fashion. Contact our staff today to receive your free quote.

Share

Related Services

Ransomware Recovery

We specialize in identifying and recovering data affected by ransomware attacks, ensuring rapid response and secure restoration of your systems when you need it most.

Backup

We help recover lost data from backup systems, ensuring that critical information is restored swiftly and securely to minimize operational downtime.

Data Recovery

We offer comprehensive data recovery solutions with a 97% success rate and a "no data, no charge" guarantee, ensuring secure and efficient recovery for all types of data loss scenarios.