Excel File Deploys Cobalt Strike at Ukraine


FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file.

The attacker uses a multi-stage malware strategy to deliver the notorious “Cobalt Strike” payload and establish communication with a command and control (C2) server. This attack employs various evasion techniques to ensure successful payload delivery. Over the past few years, Ukraine has been a significant target due to its geopolitical situation. The history of these attacks reveals a pattern of increasing complexity and frequency, particularly during periods of geopolitical tension.

Read more…
Source: Fortinet


Sign up for our Newsletter


Related:

  • ICAO ‘investigating’ security breach after hacker claims theft of personal data

    January 7, 2025

    UN aviation agency ‘investigating’ security breach after hacker claims theft of personal data The International Civil Aviation Organization (ICAO), a United Nations agency that defines international operating standards for civil aviation, has confirmed it’s investigating a cybersecurity incident. In a statement published on Monday, ICAO said it is “actively investigating reports of a potential information security ...

  • China protests US sanctions for its alleged role in hacking, complains of foreign hacker attacks

    January 7, 2025

    China has slammed a decision by the U.S. Treasury to sanction a Beijing-based cybersecurity company for its alleged role in multiple hacking incidents targeting critical U.S. infrastructure, while the Chinese cyber security agency complained Monday of attacks on Chinese networks. Asked about the sanctions against Beijing-based Integrity Technology Group, Chinese Foreign Ministry spokesperson Guo Jiakun said ...

  • A Windows filetype update may have complicated cyber threat detection efforts

    January 4, 2025

    The use of archive files as malware delivery mechanisms is evolving, presenting challenges for Secure Email Gateways (SEGs), new research has claimed. A recent report by Cofense highlights how cybercriminals exploit various archive formats to bypass security protocols, particularly following a significant update to Windows in late 2023. Traditionally, .zip files have been the most common ...

  • Thomas Cook India website goes down after cyberattack

    January 1, 2025

    Thomas Cook India has announced that its IT infrastructure is under a cyberattack. The travel services provider also said it’s working with security experts to investigate the incident and will take necessary remedial actions. The company stated that it promptly took steps to investigate and respond upon discovering the incident, including shutting down affected systems. The company’s ...

  • U.S. Treasury Department Says Systems Hacked by China-Backed Actor

    December 30, 2024

    The Treasury Department told lawmakers Monday that a state-sponsored actor in China hacked its systems, accessing several user workstations and certain unclassified documents. The treasury was informed on Dec. 8 by a third-party software service provider, BeyondTrust, that a threat actor used a stolen key to remotely access certain workstations and unclassified documents, according to a ...

  • Google Chrome extensions targeted by hackers to steal user passwords

    December 30, 2024

    Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack, exposing sensitive customer data like passwords and session tokens. In a statement, the data loss prevention company noted the attack showed signs of being part of a “wider campaign” to target other companies, too. The attack started as many others do ...