| Category | Details |
|---|---|
| Threat Actors | Unknown, targeting private users, retailers, and service businesses. |
| Campaign Overview | Malicious email campaign distributing JS/HTA scripts. Began in March 2023, targeting Russian entities. |
| Target Regions (Or Victims) | Primarily Russia (private users, retailers, and service businesses). |
| Methodology | Malicious email attachments (ZIPs) containing JS scripts, disguised as business documents. |
| Product Targeted | NetSupport Manager (NSM), used for remote access and management. |
| Malware Reference | NetSupport RAT, Silverlight-based payload. |
| Tools Used | JS/HTA scripts, curl, bitsadmin, BAT files, NetSupport Manager, RMS, Silverlight Configuration Utility. |
| Vulnerabilities Exploited | Exploits for loading remote payloads via social engineering (email attachments, fake documents). |
| TTPs | Phishing, use of decoy documents, remote access tools (NetSupport RAT, Silverlight DLL side-loading). |
| Attribution | Attribution unclear, suspected cybercriminals using social engineering techniques. |
| Recommendations | Be cautious of unsolicited emails with attachments, especially ZIP files. Use security software to detect remote access tools. |
| Source | Securelist by Kaspersky |
Read full article:https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/
Disclaimer: The above summary has been generated by an AI language model
Related posts:
750,000 Patients' Medical Records Exposed After Data Breach at French Hospital
Financially Motivated Threat Actor Leveraged Google Docs and Weebly Services to Target Telecom and Financial Sectors
SpyLoan Android malware on Google play installed 8 million times
Cyber-Safe Shopping: Protect Yourself from Holiday Scams and Cyber Threats
Leave a Reply