THE report details a new APT attack utilizing the ViPNet update system, which began in May 2026. It identifies various malicious modules including HelloInjector (a loader), HelloProxy (a traffic proxy and loader), and HelloBackdoor (a Rust-based backdoor). The attackers use DLL sideloading techniques to maintain persistence and employ sophisticated methods to inject malicious code into trusted processes like svchost.exe. The campaign targets large Russian organizations across multiple sectors.
Kaspersky provides detection solutions and emphasizes the importance of monitoring network traffic and other indicators of compromise, recommending enhanced security measures against such advanced threats.