| Category | Details |
|---|---|
| Threat Actors | Unknown, targeting private users, retailers, and service businesses. |
| Campaign Overview | Malicious email campaign distributing JS/HTA scripts. Began in March 2023, targeting Russian entities. |
| Target Regions (or Victims) | Primarily Russia (private users, retailers, and service businesses). |
| Methodology | Malicious email attachments (ZIPs) containing JS scripts, disguised as business documents. |
| Product Targeted | NetSupport Manager (NSM), used for remote access and management. |
| Malware Reference | NetSupport RAT, Silverlight-based payload. |
| Tools Used | JS/HTA scripts, curl, bitsadmin, BAT files, NetSupport Manager, RMS, Silverlight Configuration Utility. |
| Vulnerabilities Exploited | Exploits for loading remote payloads via social engineering (email attachments, fake documents). |
| TTPs | Phishing, use of decoy documents, remote access tools (NetSupport RAT, Silverlight DLL side-loading). |
| Attribution | Attribution unclear, suspected cybercriminals using social engineering techniques. |
| Recommendations | Be cautious of unsolicited emails with attachments, especially ZIP files. Use security software to detect remote access tools. |
| Source | Securelist by Kaspersky |

Read full article: https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/

Disclaimer: The above summary has been generated by an AI language model