Microsoft researchers observed a malware campaign, tracked as Nodersok, that relies on advanced techniques and an elusive network infrastructure. Microsoft uncovered the campaign in mid-July, when it noticed anomalous usage patterns of MSHTA.exe.
“It’s not uncommon for attackers to download legitimate
The Nodersok campaign has infected thousands of machines in the last several weeks. Most of the victims are located in the United States and Europe, and they are predominantly consumers. About 3% of the infected systems belong to organizations in various sectors, including education, professional services, healthcare, finance, and retail.
The PowerShell command downloads additional components. One of the
Another PowerShell component runs a
“Both the distributed network infrastructure and the advanced
“If we exclude all the clean and legitimate files leveraged by the attack, all that remains are the initial HTA file, the final Node.js-based payload, and a bunch of encrypted files. Traditional file-based signatures are inadequate to counter sophisticated threats like this.”
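Because the stages are legitimate binaries (mshta.exe, PowerShell, Node.js), process lineage rather than file hashes is what exposes the chain described above. The following behavioural triage over constructed process-creation events is an added example, not code from Microsoft or the article; the event fields, rule names and sample command lines are assumptions, not observed Nodersok artefacts.

```python
"""Flag the Nodersok-style lineage in process-creation telemetry:
mshta.exe launched with a URL, PowerShell spawned by mshta.exe, and a
Node.js binary spawned by PowerShell. All events below are constructed."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str     # executable file name, e.g. "mshta.exe"
    cmdline: str   # full command line as logged


def mshta_remote_url(ev: ProcEvent) -> bool:
    """mshta.exe asked to render content from a URL: the initial HTA stage."""
    return ev.image.lower() == "mshta.exe" and re.search(r"https?://", ev.cmdline, re.I) is not None


def flag_chain(events):
    """Return (rule, pid) findings by walking each event's parent."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if mshta_remote_url(e):
            findings.append(("mshta_remote_url", e.pid))
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        child, par = e.image.lower(), parent.image.lower()
        if child == "powershell.exe" and par == "mshta.exe":
            findings.append(("mshta_spawns_powershell", e.pid))
        if child == "node.exe" and par == "powershell.exe":
            findings.append(("powershell_spawns_node", e.pid))
    return findings


# Constructed sample: one malicious chain plus two benign look-alikes.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "mshta.exe", "mshta.exe http://example.invalid/landing.hta"),
    ProcEvent(300, 200, "powershell.exe", "powershell.exe -WindowStyle Hidden -Command <stage-2 placeholder>"),
    ProcEvent(400, 300, "node.exe", r"C:\Users\Public\node.exe payload.js"),
    ProcEvent(500, 100, "powershell.exe", "powershell.exe Get-Process"),   # admin usage, benign
    ProcEvent(600, 100, "cmd.exe", "cmd.exe"),
    ProcEvent(700, 600, "node.exe", "node.exe server.js"),                  # developer usage, benign
]

if __name__ == "__main__":
    for rule, pid in flag_chain(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

The two benign PowerShell and Node.js launches produce no findings, while the chain rooted at mshta.exe yields one finding per stage.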