Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

Threat Actors: Possibly Patchwork (not conclusively attributed)
Campaign Overview: Phishing campaign leveraging tax-themed lures to deliver a backdoor targeting Pakistan
Target Regions/Victims: Pakistan, specifically individuals or entities related to tax systems (e.g., Federal Board of Revenue)
Methodology: Phishing emails with links or attachments; MSC file with embedded JavaScript delivering a backdoor payload
Product Targeted: Tax-related documents (e.g., “Tax Reductions, Rebates and Credits 2024”)
Malware Reference: Backdoor malware
Tools Used: MSC files, obfuscated JavaScript, DLL payload (“DismCore.dll”)
Vulnerabilities Exploited: Exploitation of MSC file execution in Microsoft Management Console
TTPs: Social engineering (phishing), obfuscation techniques, use of MSC files to mimic legitimate administrative tools
Attribution: Inconclusive; possible connections to Patchwork based on similarities in lures
Recommendations:
– Educate users on phishing threats
– Enable file extension visibility
– Use EDR solutions to detect suspicious file behaviors
– Monitor for obfuscated script executions and unusual network communications
Source: The Hacker News

Read full article: https://thehackernews.com/2024/12/hackers-use-microsoft-msc-files-to.html

The above summary has been generated by an AI language model

Source: The Hacker News

Published on: December 17, 2024
