Category | Details |
---|---|
Threat Actors | Not specified (multiple cybercriminal groups using different attack methods). |
Campaign Overview | Multiple cyber attacks involving zero-day exploits, fileless malware, phishing attacks, and loaders distributing various malware families. |
Target Regions (or Victims) | Organizations, businesses, and individuals using Microsoft Word, ZIP archives, cloud services such as Azure, and systems exposed to PowerShell and scripting attacks. |
Methodology | – Zero-Day Attack: Corrupted Word documents and ZIP files evade detection. – Fileless Malware: Psloramyra loader with PowerShell script. – Phishing Attack: Azure Blob Storage hosting phishing pages. – Emmenhtal Loader: Multi-stage execution chain via PowerShell. |
Product Targeted | Microsoft Word, WinRAR, ANY.RUN Interactive Sandbox, Azure Blob Storage, PowerShell, and Emmenhtal scripts. |
Malware Reference | – Quasar RAT (fileless malware) – Emmenhtal loader (delivers Lumma, Amadey, Hijackloader) – Corrupted files containing hidden malicious payloads |
Tools Used | – ANY.RUN Interactive Sandbox (malware analysis) – PowerShell scripts – Azure Blob Storage for phishing campaigns – Custom scripts for loaders (Psloramyra, Emmenhtal) |
Vulnerabilities Exploited | – Corrupted Word documents and ZIP archives bypass detection software. – Azure cloud storage subdomain abuse. – Emmenhtal loader utilizes PowerShell to execute AES-encrypted payloads. |
TTPs | – Living Off the Land Binaries and Scripts (LOLBAS) technique. – Scheduled tasks to maintain persistence. – Executing encrypted payloads dynamically in memory, leaving few traces on disk. |
Attribution | No specific attribution to a known threat actor; multiple groups are employing different attack techniques. |
Recommendations | – Use ANY.RUN Interactive Sandbox for malware analysis. – Employ robust endpoint protection measures. – Regularly update and patch software to protect against zero-day exploits. – Use network monitoring and detection tools. |
Source | The Hacker News |
Read the full article: https://thehackernews.com/2024/12/ongoing-phishing-and-malware-campaigns.html
Disclaimer: The above summary has been generated by an AI language model