FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file.
The attacker uses a multi-stage malware strategy to deliver the notorious “Cobalt Strike” payload and establish communication with a command and control (C2) server. This attack employs various evasion techniques to ensure successful payload delivery. Over the past few years, Ukraine has been a significant target due to its geopolitical situation. The history of these attacks reveals a pattern of increasing complexity and frequency, particularly during periods of geopolitical tension.
Read more…
Source: Fortinet
Related:
- IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
April 17, 2025
Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several years. Kaspersky researchers observed ...
- Apple says zero-day bugs exploited against ‘specific targeted individuals’ using iOS
April 16, 2025
Apple has released new software updates across its product line to fix two security vulnerabilities, which the company said may have been actively used to hack customers running its mobile software, iOS. In security advisories posted on its website, Apple confirmed it fixed the two zero-day vulnerabilities, which “may have been exploited in an extremely sophisticated ...
- Hertz Data Breach Included Credit Card, Personal Data
April 15, 2025
The car-rental company Hertz is warning its customers that a data breach exposed personal information including driver’s licenses, credit-card data, contact information and in some cases social security or passport numbers. The company said that hackers breached Cleo Communications, a company that it works with for file transfers. The company said in a “Notice of Data ...
- Chinese police put 3 U.S. operatives on wanted list over cyberattacks
April 15, 2025
Police authorities in Harbin, in northeast China’s Heilongjiang Province, said on Tuesday that they are pursuing three operatives affiliated with the U.S. National Security Agency (NSA) over suspected cyberattacks against China. The Harbin public security bureau said that the three operatives — Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson — had been ...
- Suspected Kimsuky (APT-Q-2) attacks South Korean companies
April 11, 2025
Kimsuky, alias Mystery Baby, Baby Coin, Smoke Screen, Black Banshe, etc., is tracked internally by Qi’anxin as APT-Q-2. The APT group was publicly disclosed in 2013, with attack activity dating as far back as 2012. Kimsuky’s main target for attacks has been South Korea, involving defense, education, energy, government, healthcare, and think tanks, with a focus ...
- Hackers to Target Elon Musk For a ‘Full Month’
April 8, 2025
A group of hackers that previously targeted President Donald Trump has pledged to take aim at Elon Musk for the next month. DonRoad Team, which previously claimed responsibility for taking down several Trump-associated websites, announced Monday it would begin hitting sites linked to Elon Musk. Elon Musk has increasing become a target of backlash as a result ...