| Category | Details |
|---|---|
| Threat Actors | Unnamed group leveraging SmokeLoader malware. |
| Campaign Overview | Targeted companies in Taiwan (manufacturing, healthcare, IT) using phishing emails and vulnerabilities to deploy SmokeLoader and steal sensitive data. |
| Target Regions | Taiwan. |
| Methodology | Phishing emails, exploiting Microsoft Office vulnerabilities, use of steganography, multi-stage infection with VBS, PowerShell, and SmokeLoader plugins. |
| Products Targeted | Browsers (Chrome, Edge, etc.), email clients (Outlook, Thunderbird), FTP clients (FileZilla, WinSCP). |
| Malware Reference | SmokeLoader malware, with plugins for data theft and persistence. |
| Tools Used | SmokeLoader, AndeLoader, steganographic images, encoded PowerShell, and VBS scripts. |
| Vulnerabilities | CVE-2017-0199 (Microsoft Office OLE2Link remote code execution), CVE-2017-11882 (remote code execution in the Microsoft Office Equation Editor). |
| TTPs | Phishing with malicious attachments, multi-stage payloads, obfuscation techniques, data exfiltration using modular malware. |
| Attribution | No explicit attribution; campaign observed and analyzed by FortiGuard Labs. |
| Recommendations | Patch vulnerable software, strengthen email security, monitor network for anomalous behavior, use advanced threat detection tools, and educate users on phishing tactics. |
| Source | Fortinet |
Read full article: https://www.fortinet.com/blog/threat-research/sophisticated-attack-targets-taiwan-with-smokeloader
Disclaimer: The above summary has been generated by an AI language model.