
Ongoing Phishing and Malware Campaigns in December 2024

Threat Actors
Not specified (multiple cybercriminal groups using different attack methods).

Campaign Overview
Multiple cyber attacks involving zero-day exploits, fileless malware, phishing attacks, and loaders distributing various malware families.

Target Regions (or Victims)
Organizations, businesses, and individuals using Microsoft Word, ZIP archives, cloud services such as Azure, and systems vulnerable to PowerShell and scripting attacks.

Methodology
– Zero-Day Attack: corrupted Word documents and ZIP files evade detection.
– Fileless Malware: Psloramyra loader with a PowerShell script.
– Phishing Attack: Azure Blob Storage hosting phishing pages.
– Emmenhtal Loader: multi-stage execution chain via PowerShell.

Product Targeted
Microsoft Word, WinRAR, ANY.RUN Interactive Sandbox, Azure Blob Storage, PowerShell, and Emmenhtal scripts.

Malware Reference
– Quasar RAT (fileless malware)
– Emmenhtal loader (delivers Lumma, Amadey, HijackLoader)
– Corrupted files containing hidden malicious payloads

Tools Used
– ANY.RUN Interactive Sandbox (malware analysis)
– PowerShell scripts
– Azure Blob Storage for phishing campaigns
– Custom scripts for loaders (Psloramyra, Emmenhtal)

Vulnerabilities Exploited
– Corrupted Word documents and ZIP archives bypass detection software.
– Azure cloud storage subdomain abuse.
– Emmenhtal loader uses PowerShell to execute AES-encrypted payloads.

TTPs
– Living off the Land Binaries and Scripts (LOLBAS) technique.
– Scheduled tasks to maintain persistence.
– Executing encrypted payloads dynamically in memory without leaving traces on disk.

Attribution
No specific attribution to a known threat actor; multiple groups are employing different attack techniques.

Recommendations
– Use ANY.RUN Interactive Sandbox for malware analysis.
– Employ robust endpoint protection measures.
– Regularly update and patch software to protect against zero-day exploits.
– Use network monitoring and detection tools.

Source
The Hacker News

Read the full article: https://thehackernews.com/2024/12/ongoing-phishing-and-malware-campaigns.html

Disclaimer: The above summary has been generated by an AI language model
