A global phishing program used never-before-seen malware strains distributed by specially-tailored lures to attack global organizations across a broad range of industries. According to a Mandiant report released today, the attacks targeted at least 50 organizations from a diverse range of sectors in two waves, on December 2nd and between December 11th and 18th.
UNC2529 is the name of the threat actors behind the malware, who are identified as “experienced and well-resourced.” Organizations in the United States, the EMEA zone, Asia, and Australia have been attacked in two waves so far.
Threat actors would also pose as account executives touting services suitable for various industries, such as security, medication, transportation, the military, and electronics, in phishing messages sent to prospective victims.
The global phishing scheme was controlled by over 50 domains in total. UNC2529 hacked a domain owned by a US heating and cooling services company, tampered with its DNS data, and used this structure to conduct phishing attacks against at least 22 entities in one successful attack. The lure emails included links to URLs that led to malicious.PDF payloads and a JavaScript file stored in a.zip folder. The records, which were obtained from public databases, were compromised to the point that they were unreadable, prompting victims to double-click the.js file in an effort to read the content.
“The threat actor made extensive use of obfuscation and file-less malware to complicate detection to deliver a well-coded and extensible backdoor,” Mandiant said. […]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Researchers Found Three New Malware Strains in a Phishing Campaign