Espionage Concerns Arise from Newly Discovered Voldemort Malware

 

In August 2024, Proofpoint researchers discovered an unusual campaign in which custom malware was being delivered by a novel attack chain. Cybercriminals are believed to have named the malware “Voldemort”, based on the internal file names and strings used in it.

The attack chain employs multiple tactics, some of which are currently popular in the threat landscape, while others are less common, such as using Google Sheets for command and control (C2).

Beyond its tactics, techniques, and procedures (TTPs), the campaign is noteworthy for a lure theme impersonating the government agencies of a variety of countries, and for its odd file naming and passwords such as “test”. Several researchers initially suspected that the activity might be a red team, but analysis of the malware and the number of messages very quickly indicated that it was a threat actor.

The aggressive malware campaign known as “Voldemort” has been launched against organizations all over the world, impersonating tax authorities in Europe, Asia, and the U.S. Since the malicious activity was launched on Aug. 5, more than 20,000 phishing messages have been reported worldwide by dozens of companies. According to Proofpoint, over 20,000 phishing messages were reported during the last three months.
A cust

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
