Effective cyber attack via images in the corporate environment
An ingenious cyber attack that uses images to infiltrate companies
Spear-phishing emails with apparent images about the Armenia-Azerbaijan conflict hide malware that steals sensitive data. Management teams associated with Azerbaijani company targeted. The malware, written in Rust, creates temporary files to steal information during non-business hours.
Images purportedly depicting the conflict between Armenia and Azerbaijan were actually malware programs intended to steal sensitive data.
Spear-phishing email hidden behind an Azerbaijani company document spreads malware via image files to infiltrate companies associated with the company
According to Fortinet research, these emails mentioned the conflict between Azerbaijan and Armenia and contained a zip file. The photos within that file contained both genuine and malicious content.
The targets of the attacks were the management teams of companies associated with the Azerbaijani company
Fortinet senior security engineer Fred Gutierrez said other companies affected by the campaign included the company's subsidiaries and its business partners. He declined to reveal the name of the impersonated company.
The malware, written in the popular Rust language, steals company information
The malware creates a temporary file called "24rp.xml" that sets up a scheduled task to steal information outside of regular working hours. This technique is based on the assumption that targets leave their computers turned on overnight so that the malware can perform its functions at times when it is less likely to be noticed.
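A defender can review exported scheduled-task definitions for the pattern described above: a trigger outside working hours combined with an action that runs from a temporary directory. The following is an added example, not code from Fortinet or from the malware; the working-hours window, the list of temp paths, and the sample task XML are assumptions constructed for illustration and do not reproduce the real "24rp.xml".

```python
import xml.etree.ElementTree as ET
from datetime import datetime, time

# Namespace used by Windows Task Scheduler XML task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumptions: working hours and the path markers treated as user-writable.
WORK_START, WORK_END = time(8, 0), time(18, 0)
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%")

# Constructed sample in the Task Scheduler XML format; NOT the real 24rp.xml.
SAMPLE_TASK = """<?xml version="1.0"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2023-09-01T02:30:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions>
    <Exec><Command>C:\\Users\\demo\\AppData\\Local\\Temp\\example.exe</Command></Exec>
  </Actions>
</Task>"""

def review_task(xml_text):
    """Return a list of findings for one exported task definition."""
    root = ET.fromstring(xml_text)
    findings = []
    # Flag any trigger whose start time falls outside the working-hours window.
    for sb in root.iterfind(".//t:Triggers//t:StartBoundary", NS):
        if not (sb.text or "").strip():
            continue
        start = datetime.fromisoformat(sb.text.strip()[:19]).time()
        if not (WORK_START <= start < WORK_END):
            findings.append(f"off-hours trigger at {start:%H:%M}")
    # Flag any action whose executable lives in a temp directory.
    for cmd in root.iterfind(".//t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().lower()
        if any(d in path for d in SUSPECT_DIRS):
            findings.append(f"runs from temp path: {cmd.text.strip()}")
    return findings

if __name__ == "__main__":
    for finding in review_task(SAMPLE_TASK):
        print("FINDING:", finding)
```

Task definitions exported from a real host are usually UTF-16 encoded, so read them as bytes and pass the bytes to `ET.fromstring`.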
09/29/2023 16:45
Editorial AI