MA-1069.052024: MyCERT Advisory – Targeted Malware Campaigns Impacting Malaysia

1.0 Introduction:
Recent information from our trusted partner indicates an uptick in targeted cyber attacks related to Malaysia, utilising sophisticated tools such as the RoyalRoad weaponizer and the 5.t Downloader malware. These tools have been identified in spear-phishing campaigns primarily orchestrated by threat actors associated with an advanced persistent threat (APT) group, SharpPanda.

2.0 Details of Threat:
The RoyalRoad weaponizer, known for generating weaponized RTF documents, exploits a vulnerability in Microsoft Office (CVE-2017-11882). Once such a document is opened, it deploys the 5.t Downloader, a secondary payload that downloads and executes further malicious modules, establishing long-term access to the compromised system.
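As an added example (not part of the MyCERT advisory), a small Python triage check for the delivery stage described above: it decodes the hex-encoded OLE object in an RTF file's \objdata groups and flags the Equation Editor class identifiers that a CVE-2017-11882 document has to reference. The sample RTFs are constructed here and contain only object headers, no exploit content.

```python
import re

# Little-endian on-disk form of the Equation Editor 3.0 CLSID
# {0002CE02-0000-0000-C000-000000000046}, the COM server whose
# parser flaw CVE-2017-11882 abuses (Data1..Data3 byte-swapped, Data4 as-is).
EQNEDT_CLSID_LE = bytes.fromhex("02CE0200" "0000" "0000" "C000000000000046")
EQNEDT_PROGID = b"Equation.3"
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
OBJCLASS_RE = re.compile(rb"\\objclass\s+([\w.]+)")


def extract_objdata(rtf: bytes) -> list[bytes]:
    """Decode the hex payload of every \\objdata group into raw bytes."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        hexstr = hexstr[: len(hexstr) & ~1]          # drop a dangling nibble
        blobs.append(bytes.fromhex(hexstr.decode("ascii")))
    return blobs


def scan_rtf(rtf: bytes) -> dict:
    """Flag RTF content that embeds an Equation Editor OLE object."""
    reasons = []
    for cls in OBJCLASS_RE.findall(rtf):            # declared class name
        if cls.lower().startswith(b"equation"):
            reasons.append("objclass declares %s" % cls.decode())
    blobs = extract_objdata(rtf)
    for i, blob in enumerate(blobs):                # identifiers inside the object
        if EQNEDT_CLSID_LE in blob:
            reasons.append("objdata #%d carries Equation Editor CLSID" % i)
        if EQNEDT_PROGID in blob:
            reasons.append("objdata #%d carries Equation.3 ProgID" % i)
    return {"objdata_count": len(blobs), "equation_editor": bool(reasons), "reasons": reasons}


# Constructed samples, not real documents. The OLE1 embedded-object header is
# version 0x00000501, format 2 (embedded), then the length-prefixed,
# NUL-terminated class name; nothing follows the header here.
_OLE1_HDR = (b"\x01\x05\x00\x00" + b"\x02\x00\x00\x00"
             + (len(EQNEDT_PROGID) + 1).to_bytes(4, "little") + EQNEDT_PROGID + b"\x00")
SUSPECT_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objdata "
               + _OLE1_HDR.hex().encode() + b"}}}")
CLSID_ONLY_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objdata 00"
                  + EQNEDT_CLSID_LE.hex().encode() + b"}}}")
BENIGN_RTF = b"{\\rtf1\\ansi Quarterly report, text only.}"

if __name__ == "__main__":
    for name, doc in [("suspect", SUSPECT_RTF), ("clsid", CLSID_ONLY_RTF), ("benign", BENIGN_RTF)]:
        print(name, scan_rtf(doc))
```

Real RoyalRoad documents often obfuscate the \objdata hex (interleaved control words, split streams), so treat this as a first-pass triage check on mail-gateway or sandbox output, not a complete detector.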

3.0 Implications for Malaysia:
The targeted nature of these campaigns suggests a high level of threat to governmental and critical infrastructure sectors in Malaysia. The attackers aim to steal sensitive information, disrupt operations, and gain persistent access to critical network systems.

4.0 Recommendations:
1. Enhanced Email Security: Implement robust email filtering solutions to detect and block phishing attempts. Regularly update email systems to recognize the latest threats.
2. Employee Awareness Training: Conduct regular training sessions to educate employees about the dangers of opening unsolicited email attachments or links, especially those that do not come from trusted sources.
3. Regular Updates and Patch Management: Ensure that all software, especially Microsoft Office, is up-to-date with the latest security patches to mitigate vulnerability exploits.
4. Network Monitoring and Response: Deploy advanced network monitoring tools to detect unusual activity indicative of a breach. Establish a 24/7 incident response team to react swiftly to potential security incidents.
5. Collaboration with Cybersecurity Authorities: Work closely with local and international cybersecurity agencies to receive timely threat intelligence and support. This includes sharing information about threats and collaborating on mitigation strategies.

5.0 Conclusion:
Organisations in Malaysia must take immediate and effective steps to enhance their cybersecurity posture in response to these targeted attacks. Proactive measures, combined with a comprehensive cybersecurity strategy, are essential to protect sensitive data and maintain the integrity of critical infrastructure systems.