Gruppo ECP Advpress Automationtoday AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit Gruppo ECP Advpress Automationtoday AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Effective cyber attack via images in the corporate environment

An ingenious cyber attack that uses images to infiltrate companies

Spear-phishing emails with apparent images about the Armenia-Azerbaijan conflict hide malware that steals sensitive data. Management teams associated with Azerbaijani company targeted. The malware, written in Rust, creates temporary files to steal information during non-business hours.
Gruppo ECP

WE TURN YOUR GOALS INTO REALITY
Your competitive advantage starts here
DISCOVER HOW

Gruppo ECP

WE TURN YOUR GOALS INTO REALITY
Your competitive advantage
starts here
DISCOVER HOW

This pill is also available in Italian language

Images purportedly depicting the conflict between Armenia and Azerbaijan were actually malware programs intended to steal sensitive data.

Spear-phishing email hidden behind an Azerbaijani company document spreads malware via image files to infiltrate companies associated with the company

According to Fortinet research, these emails mentioned the conflict between Azerbaijan and Armenia and contained a zip file. The photos within that file contained both genuine and malicious content.

The targets of the attacks were the management teams of companies associated with the Azerbaijani company

Fortinet senior security engineer Fred Gutierrez said other companies affected by the campaign included the company's subsidiaries and its business partners. He declined to reveal the name of the counterfeit company.

The malware, written in the popular Rust language, steals company information

The malware creates a temporary file called "24rp.xml" that sets up a scheduled task to steal information outside of regular working hours. This technique is based on the assumption that targets leave their computers turned on overnight so that the malware can perform its functions at times when it is less likely to be noticed.

Follow us on Facebook for more pills like this

09/29/2023 16:45

Marco Verro

Last pills

Cloudflare repels the most powerful DDoS attack ever recordedAdvanced defense and global collaboration to tackle new challenges of DDoS attacks

Silent threats: the zero-click flaw that compromises RDP serversHidden risks in remote work: how to protect RDP servers from invisible attacks

Discovery of vulnerability in Secure Boot threatens device securityFlaw in the Secure Boot system requires urgent updates to prevent invisible intrusions

North korean cyberattacks and laptop farming: threats to smart workingAdapting to new digital threats of remote work to protect vital data and infrastructures

Don’t miss the most important news
Enable notifications to stay always updated