Editorial

Voldemort Espionage Malware Campaign: A Familiar Threat with New Tricks

By: Srijith Kn

The Voldemort espionage malware campaign, which has made headlines for its widespread infiltration of organizations worldwide, has raised significant concerns among cybersecurity experts. While the name may invoke a sense of dread, cybersecurity professionals are downplaying its novelty, pointing out that the tactics used by the attackers are not as groundbreaking as they may seem.

Kevin Reed, Chief Information Security Officer at Acronis, explained that the campaign uses a blend of well-established methods seen in previous cyberattacks. “This may sound alarming, but the techniques used are far from revolutionary,” Reed said. “What we’re seeing is a ‘Frankenstein’ approach — combining well-known tools and methods in a logical manner to increase the chances of system compromise.”

One of the more common tactics employed by the Voldemort campaign is the use of malicious PowerShell scripts, a long-standing favorite among cybercriminals. Reed emphasized the importance of proper detection mechanisms to counter these familiar threats. “We encounter these types of malicious scripts frequently,” he noted. “That’s why having robust detection systems, like script emulation technologies such as those found in Acronis Cyber Protect, is critical to neutralize the threat early.”

Despite this reliance on traditional methods, there is one aspect of the Voldemort campaign that has raised eyebrows: the use of Google Sheets as a command-and-control (C2) platform. While this might sound innovative, Reed explained that it’s simply the latest iteration of a tactic used by hackers to exploit user-generated content platforms.

“It’s somewhat unusual to see Google Sheets being used for C2,” Reed said. “But we’ve seen attackers leverage various online platforms for similar purposes before. Social media platforms, like Instagram, have been used in the past — with one high-profile example involving command-and-control messages hidden in the comments section of Britney Spears’ Instagram account.”

The campaign’s success, Reed argues, is less about innovation and more about the persistence and resourcefulness of cybercriminals. Still, the real takeaway from this attack, according to the Acronis expert, is the need for preparedness. “The most important thing is to be ready with advanced cybersecurity tools that can detect and neutralize these types of threats,” Reed said.

As the Voldemort campaign continues to develop, cybersecurity professionals remain focused on the importance of vigilance, investing in robust detection systems, and keeping up with the ever-evolving landscape of cyber threats.
