Welcome to our Cyber Security News Aggregator.

Cyber Tzar provides a cyber security risk management platform, including automated penetration tests and risk assessments that culminate in a "cyber risk score" out of 1,000, just like a credit score.

Attackers Exploit Cloud Services to Deploy Nanocore, Netwire, and AsyncRAT

published on 2022-01-13 10:13:03 UTC by CISOMAG
Content:

Since digitalization began, there has been a significant increase in organizations turning to cloud computing. Most companies leverage multiple cloud environments to host their critical IT infrastructure, which makes those environments a primary target for cybercriminals. Cybersecurity experts from Cisco Talos recently uncovered a cyberespionage campaign actively abusing public cloud services, including Microsoft Azure and Amazon Web Services, to deploy multiple commodity remote access trojans (RATs) such as Nanocore, AsyncRAT, and Netwire.

Since October 2021, the campaign mainly targeted organizations in Canada, the U.S., Italy, and Singapore. Attackers reportedly stole sensitive information from the compromised systems.

“These variants of Remote Administration Tools (RATs) are packed with multiple features to take control over the victim’s environment to execute arbitrary commands remotely and steal the victim’s information. The threat actor, in this case, used cloud services to deploy and deliver variants of commodity RATs with information-stealing capability,” the researchers said.

Infection Chain

The infection chain begins with a spearphishing email that contains a malicious ZIP file attachment. The ZIP file holds an ISO image containing the loader, written as JavaScript, a Visual Basic script, or a Windows batch file. The attackers lure users into opening the attachment by disguising it as an invoice document.


Once a victim opens the attachment, the initial script executes on the device and automatically connects to a download server to fetch the next stage. The operators behind this campaign maintained a distributed infrastructure consisting of download servers, command and control servers, and malicious subdomains to distribute the malware payload.

Indicators of Compromise (IOC)

Some of the observed ZIP file names include:

  • WROOT_Invoice_Copy.zip
  • YUEOP_Invoice_Copy.zip
  • HOO8M_Invoice_Copy.zip
  • TROOS_Invoice_Copy.zip
  • TBROO1_Invoice_Copy.zip
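The infection chain described above (ZIP attachment, nested ISO image, script loader) and the observed file names give a defender two cheap triage signals: the attachment name pattern and the ZIP's member types. The script below is an added example written for this page, not code from Cisco Talos or CISO MAG. It generalizes the listed names into a `_Invoice_Copy.zip` pattern (an assumption based on the five names above), and it inspects a ZIP's member names for disk images or script loaders. The sample attachments are constructed in memory, with a placeholder blob standing in for the ISO image.

```python
import io
import re
import zipfile

# Known ZIP attachment names reported for this campaign (taken from the article's IOC list).
KNOWN_IOC_NAMES = {
    "WROOT_Invoice_Copy.zip",
    "YUEOP_Invoice_Copy.zip",
    "HOO8M_Invoice_Copy.zip",
    "TROOS_Invoice_Copy.zip",
    "TBROO1_Invoice_Copy.zip",
}

# Assumed generalization of the observed names: a short alphanumeric prefix followed by
# "_Invoice_Copy.zip". Tune the prefix length to your own mail telemetry.
INVOICE_LURE_PATTERN = re.compile(r"^[A-Z0-9]{4,6}_Invoice_Copy\.zip$", re.IGNORECASE)

# Member extensions that match the described chain: a disk image, or a script loader.
IMAGE_EXTS = (".iso", ".img")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".bat", ".cmd", ".wsf")


def triage_attachment(filename, data):
    """Return a list of findings for one email attachment (empty list = nothing matched)."""
    findings = []
    if filename in KNOWN_IOC_NAMES:
        findings.append("filename matches published IOC")
    elif INVOICE_LURE_PATTERN.match(filename):
        findings.append("filename matches Invoice_Copy lure pattern")

    # Only look inside files that really are ZIP archives, whatever their extension says.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(IMAGE_EXTS):
                findings.append(f"ZIP contains disk image: {info.filename}")
            elif name.endswith(SCRIPT_EXTS):
                findings.append(f"ZIP contains script loader: {info.filename}")
    return findings


def build_zip(members):
    """Build a ZIP archive in memory from a {name: bytes} mapping (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: the "ISO" member is a placeholder blob, not a real image.
SAMPLES = {
    "WROOT_Invoice_Copy.zip": build_zip({"Invoice_Copy.iso": b"\x00" * 64}),
    "ABCD1_Invoice_Copy.zip": build_zip({"Invoice_Copy.js": b"// placeholder loader"}),
    "quarterly_report.zip": build_zip({"report.pdf": b"%PDF-1.4 placeholder"}),
}


def triage_all(samples=SAMPLES):
    """Run the triage over every sample and return {filename: findings}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        verdict = "SUSPICIOUS" if findings else "clean"
        print(f"{name}: {verdict} {findings}")
```

The name check is deliberately split in two: an exact match against the published list is a high-confidence hit, while the pattern match is a weaker hunt signal that will catch renamed variants but also needs review. Inspecting member names only reads the ZIP central directory, so nothing is extracted or executed during triage.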

“Organizations should deploy comprehensive multi-layered security controls to detect similar threats and safeguard their assets. Defenders should monitor traffic to their organization and implement robust rules around the script execution policies on their endpoints. It is even more important for organizations to improve email security to detect and mitigate malicious email messages and break the infection chain as early as possible,” the researchers added.


https://cisomag.eccouncil.org/attackers-exploit-cloud-services-to-deploy-nanocore-netwire-and-asyncrat/   
Published: 2022 01 13 10:13:03
Received: 2022 01 13 10:26:14
Feed: Ciso Mag - All
Source: CISO Mag
Category: Cyber Security
Topic: Cyber Security
Views: 0
