After a period of inactivity, Zeppelin ransomware is back: researchers from Juniper Threatlab observed it in August. Like previous campaigns, this one starts with an email carrying a Microsoft Word document loaded with malicious macros. If the target enables macros, the infection process begins. Zeppelin is believed to have affected 64 victims during this recent campaign, and Juniper researchers believe the campaign could have started on June 4th, when the C2 server was registered. Passive DNS data shows that the most recent name resolution for the C2 domain was on August 28th. Zeppelin has previously been known as a more targeted ransomware, with the first campaign aimed at tech and healthcare companies in the US and Europe.