Gaining persistence in a compromised system using Yandex Browser. Failed spear phishing attack on Russian rail freight operator.
ID: 87e728a0-fdc8-5d13-b5e2-d7cd2bf30921
STIX ID: report--87e728a0-fdc8-5d13-b5e2-d7cd2bf30921
Feed Name: Dr.Web News
Doctor Web describes a March 2024 targeted spear-phishing campaign against a Russian rail freight operator: a résumé-themed email carried a .pdf.lnk shortcut (a double extension masquerading as a PDF) that silently invoked PowerShell to fetch two modular payloads, a dropper (Trojan.Packed2.46324) and a DLL-based trojan (Trojan.Siggen27/28). The trojan abuses DLL search-order hijacking in Yandex Browser to deploy further .NET-based loaders. The analysis documents the attack chain, IOC links, and mitigations, and notes that Yandex patched the vulnerability (CVE-2024-6473) in version 24.7.1.380.
