Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

A multi-stage phishing campaign targeting Russia uses social engineering to deliver Amnesia RAT and ransomware. The attack utilizes GitHub and Dropbox to distribute payloads, employs defendnot to disable Microsoft Defender, and leverages Visual Basic Scripts for obfuscation. The campaign aims to suppress visibility, neutralize endpoint protection, conduct reconnaissance, inhibit recovery, and deploy destructive payloads. Microsoft recommends enabling Tamper Protection to counter the abuse of the Windows Security Center API.