Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis


In December 2024, Palo Alto Unit 42 researchers uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader.

Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive emails posing as an order release request to deliver a malicious attachment. This multi-layered attack chain leverages multiple execution paths to evade detection and complicate analysis.

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Qualcomm chip vulnerability found in millions of Google, Samsung, and LG phones

    May 8, 2021

    Millions of phones across the globe were affected by a vulnerability found within a ubiquitous Qualcomm chipset, according to researchers with Israeli cybersecurity firm Checkpoint. Check Point’s Slava Makkaveev published a blog post on Thursday highlighting a security flaw in Qualcomm’s Mobile Station Modem Interface “that can be used to control the modem and dynamically patch ...

  • Russian state hackers switch targets after US joint advisories

    May 7, 2021

    Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks. The warning comes after US and UK governments formally attributed the SolarWinds supply-chain attack and COVID-19 vaccine developer targeting to Russian SVR ...

  • New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers

    May 6, 2021

    Attackers can use a newly disclosed domain name server (DNS) vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service (DDoS) attacks targeting authoritative DNS servers. In simpler terms, authoritative DNS servers translate web domains to IP addresses and pass this info to recursive DNS servers that get queried by ...

  • Operation TunnelSnake

    May 6, 2021

    Formerly unknown rootkit used to secretly control networks of regional organizations Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Usually deployed as drivers, such implants have high privileges in the system, allowing them to intercept and potentially tamper with core I/O operations ...

  • Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

    May 5, 2021

    Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The bugs have gone undisclosed for 12 years, and could allow the ability to bypass security products, execute code and pivot to other parts of the network for lateral movement, according to ...

  • The UNC2529 Triple Double: A Trifecta Phishing Campaign

    May 4, 2021

    In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears experienced and well resourced. This blog post will discuss the ...