Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks


The Inception threat group has been observed exploiting the CVE-2017-11882 Microsoft Office memory corruption vulnerability and using a PowerShell-based backdoor dubbed POWERSHOWER in its most recent multi-stage attack campaign, during October 2018.

Inception has been active since at least 2014, using multiple highly automated malware toolkits to target a vast array of industries and platforms around the world, with a focus on Russian targets.

Inception is also known for using multiple compromised routers around the globe as proxies to efficiently hide the origin of its attacks, and for automatically removing all traces leading back to the attackers after connecting to the victim machine.

Source: Softpedia