Breaking down Black Basta's advanced phishing strategies
CyberProof's Latest Cyber Threat Intelligence (CTI) Research
Malware Developments
Kimsuky’s custom Remote Desktop Protocol (RDP) Wrapper enables persistent remote access
Kimsuky’s use of a customized RDP Wrapper has been highlighted in recent investigations as a key component of its spear-phishing campaigns. The malware is delivered via malicious shortcut (.LNK) files; on execution these launch PowerShell or Mshta scripts that download backdoors such as PebbleDash together with the modified RDP utility, giving the attackers persistent remote control over compromised systems.
Attackers Leverage SVG Files to Evade Security Defenses
Scalable Vector Graphics (SVG) files have emerged as a phishing vector that lets attackers bypass traditional security defenses by embedding malicious content in what looks like a harmless image. Unlike raster image formats, SVG is XML-based and can carry embedded scripts and hyperlinks, which makes it a convenient container for delivering phishing links. Attackers distribute these files by email and direct victims to phishing pages designed to steal credentials.
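Because an SVG is plain XML, a mail gateway or triage script can inspect it for the features that make it dangerous: script elements, inline event handlers, javascript:/data: URIs and outbound links. The scanner below is an added example for this newsletter, not code from CyberProof or from the cited research; the two SVG documents it checks are constructed samples, and the hostname in them (login.example.test) is a placeholder.

```python
import re
import xml.etree.ElementTree as ET

# Elements that let an SVG carry executable or foreign embedded content.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# Link attributes: xlink:href (SVG 1.1) and plain href (SVG 2) both reduce to "href".
LINK_ATTRS = {"href"}


def _local(name):
    """Strip an XML namespace prefix such as '{http://www.w3.org/2000/svg}'."""
    return name.split("}")[-1]


def scan_svg(svg_text):
    """Return a sorted list of findings for one SVG document; an empty list means nothing suspicious."""
    findings = set()
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        # Browsers are forgiving; malformed XML may still render and run a script,
        # so fall back to a raw-text check rather than treating the file as clean.
        if re.search(r"<script\b", svg_text, re.I):
            findings.add("element:script (malformed XML)")
        return sorted(findings)

    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.add(f"element:{tag}")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            lowered = value.strip().lower()
            if name.lower().startswith("on"):          # onclick, onload, onmouseover, ...
                findings.add(f"event-handler:{name}")
            if name in LINK_ATTRS:
                if lowered.startswith(("javascript:", "data:")):
                    findings.add(f"scheme:{lowered.split(':', 1)[0]}")
                elif lowered.startswith(("http://", "https://")) and tag == "a":
                    findings.add(f"external-link:{value.strip()}")
    return sorted(findings)


def is_suspicious(svg_text):
    """Single boolean verdict for use in a mail-filter pipeline."""
    return bool(scan_svg(svg_text))


# Constructed sample: an ordinary icon with no active content.
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<circle cx="5" cy="5" r="4"/></svg>'
)

# Constructed sample of the phishing pattern: a clickable "document" whose link and
# script point at an external credential-harvesting page (placeholder host).
PHISHING_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    '<a xlink:href="https://login.example.test/verify">'
    '<text x="0" y="15" onclick="void(0)">Open document</text></a>'
    '<script>console.log("sample")</script></svg>'
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("phishing", PHISHING_SVG)):
        print(label, "->", scan_svg(doc) or "clean")
```

The parser-first, regex-fallback order matters: a file that the XML parser rejects is exactly the kind of file a lenient browser may still execute, so a parse failure must not short-circuit to "clean".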
Infostealers from digitally signed droppers targeting Windows users
Researchers detected a sophisticated threat campaign deploying signed malicious droppers that masquerade as well-known virtual communication tools, deceiving users into downloading infostealers. The identified payloads, including NetSupport RAT, Lumma Stealer, Cobalt Strike, and Remcos RAT, indicate that the campaign is focused on credential theft, with Windows users specifically at risk. Techniques such as steganography and IDAT loaders are used for evasion, while FakeCaptcha prompts trick users into running malicious PowerShell scripts.
Vulnerabilities and Exploitation Attempts
Insecure ASP.NET keys lead to Godzilla post-exploitation attack
Recently, researchers observed limited malicious activity by an unattributed threat actor who exploited a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. The incident highlights a dangerous trend: developers inadvertently copy machine keys from public repositories and documentation into their applications. With over 3,000 such keys accessible across public sources, threat actors can perform ViewState code injection attacks without needing stolen or purchased credentials.
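The defensive check that follows from this is a configuration audit: does web.config pin a static machineKey, does that key appear in a denylist of publicly disclosed keys, and are the legacy validation/decryption algorithms or a disabled ViewState MAC in play. The auditor below is an added example, not code from CyberProof or from the researchers cited; the denylist it consults is a constructed placeholder (a real deployment would load the hashes of the publicly disclosed keys from the vendor advisory), and both web.config documents are constructed samples.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed placeholder for the denylist of publicly disclosed keys.  Storing SHA-256
# digests rather than the keys themselves keeps the denylist safe to distribute.
_CONSTRUCTED_LEAKED_KEY = "0123456789ABCDEF" * 8   # stands in for a key copied from docs
KNOWN_PUBLIC_KEY_HASHES = {hashlib.sha256(_CONSTRUCTED_LEAKED_KEY.encode()).hexdigest()}

WEAK_VALIDATION = {"MD5", "SHA1"}      # legacy <machineKey validation="..."> values
WEAK_DECRYPTION = {"DES", "3DES"}      # legacy <machineKey decryption="..."> values


def audit_machine_key(web_config_xml):
    """Return a list of findings for one web.config; an empty list means no issue found."""
    findings = []
    root = ET.fromstring(web_config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is not None:
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate")
            if value.startswith("AutoGenerate"):   # covers "AutoGenerate,IsolateApps"
                continue
            findings.append(f"static {attr}")
            if hashlib.sha256(value.encode()).hexdigest() in KNOWN_PUBLIC_KEY_HASHES:
                findings.append(f"{attr} matches a publicly known key")
        if mk.get("validation", "").upper() in WEAK_VALIDATION:
            findings.append("weak validation algorithm")
        if mk.get("decryption", "").upper() in WEAK_DECRYPTION:
            findings.append("weak decryption algorithm")
    pages = root.find("./system.web/pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        findings.append("enableViewStateMac disabled")
    return findings


# Constructed sample: a key pasted from public documentation, legacy SHA1 validation.
VULNERABLE_CONFIG = f"""<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="{_CONSTRUCTED_LEAKED_KEY}"
                decryptionKey="{'0123456789ABCDEF' * 4}"
                validation="SHA1" decryption="AES"/>
  </system.web>
</configuration>"""

# Constructed sample of the corrected setting: let ASP.NET generate keys per application,
# keep the ViewState MAC enabled, and use HMACSHA256/AES.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES"/>
    <pages enableViewStateMac="true"/>
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for label, cfg in (("vulnerable", VULNERABLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, "->", audit_machine_key(cfg) or "no findings")
```

Where a web farm genuinely needs a shared static key, the check still applies: the key must be freshly generated and stored outside source control, and rotating it invalidates any ViewState signed with the old value, which is the intended effect once a key is suspected of being public.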
Gain deeper Cyber Threat Intelligence (CTI) insights
CyberProof’s CTI service offers comprehensive threat intelligence coverage, ensuring that your organization stays ahead of active threats that pose the greatest risk to your assets.
Our advanced CTI team investigates the threat landscape, providing you with detailed reports, related Indicators of Compromise (IOCs), technical recommendations, and MITRE ATT&CK mapping.
Great dad | Inspired Risk Management and Security | Cybersecurity | AI Governance | Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer
2 weeks
The old threats keep popping up. The old RDP, phishing, and info stealers are increasing. No effective solution on the horizon.