Exploiting Discord in critical infrastructure threats
An insidious trend: the growing use of Discord as a tool to attack critical infrastructure
New findings show that state-run hacker groups are using Discord to attack critical infrastructure, exploiting its content delivery network and stealing sensitive data via webhooks. Loaders such as SmokeLoader and PrivateLoader download malicious payloads from Discord's CDN.
More and more criminals are abusing legitimate infrastructure for nefarious purposes. New findings show how state-run hacker groups have entered the field, using social platforms to target critical infrastructure.
The risks of using Discord in such attacks
In recent years, Discord has become a lucrative target for abuse: it serves as a breeding ground for malware, its content delivery network (CDN) is used to host payloads, and its webhooks allow attackers to steal sensitive data from the app.
A case of attack on Ukrainian critical infrastructure
However, this appears to be changing: the cybersecurity firm behind the findings has found evidence of an artifact targeting Ukrainian critical infrastructure, although there is currently no evidence linking it to a known threat group.
Malware infiltration of Discord communications
The analysis results revealed that loaders such as SmokeLoader, PrivateLoader and GuLoader are among the most popular malware families using Discord's CDN to download next-stage payloads, including stealers such as RedLine, Vidar, Agent Tesla and Umbral.
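As an added example (not from the article or the firm it cites), a small Python detector for the two abuse patterns described above, run over constructed proxy log lines: a loader pulling an executable from Discord's CDN, and data being pushed out through a webhook. The Discord hostnames and URL paths are the publicly known ones rather than values from the article, and the log format is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Known Discord endpoints (assumption: the article does not name them).
CDN_ATTACHMENT_RE = re.compile(
    r"https?://cdn\.discordapp\.com/attachments/(\d+)/(\d+)/([^\s?]+)", re.I)
WEBHOOK_RE = re.compile(
    r"https?://discord(?:app)?\.com/api/webhooks/(\d+)/[A-Za-z0-9_\-]+", re.I)
# File types a loader would pull from the CDN; tune per environment.
SUSPICIOUS_EXT = {".exe", ".dll", ".bin", ".ps1", ".vbs", ".js", ".zip", ".7z", ".iso"}

@dataclass
class Finding:
    kind: str      # "cdn_download" or "webhook_exfil"
    src_ip: str
    detail: str

def scan_proxy_line(line: str) -> Optional[Finding]:
    """Classify one proxy log line of the form: ts src_ip method url status bytes."""
    parts = line.split()
    if len(parts) < 6:
        return None
    _, src_ip, method, url, _status, size = parts[:6]
    m = CDN_ATTACHMENT_RE.search(url)
    if m and method.upper() == "GET":
        fname = m.group(3)
        ext = ("." + fname.rsplit(".", 1)[-1].lower()) if "." in fname else ""
        if ext in SUSPICIOUS_EXT:  # payload staged on the CDN, as the loaders above do
            return Finding("cdn_download", src_ip, f"{fname} ({size} bytes)")
    m = WEBHOOK_RE.search(url)
    if m and method.upper() == "POST":  # data pushed out through a webhook
        return Finding("webhook_exfil", src_ip, f"webhook id {m.group(1)}, {size} bytes sent")
    return None

def scan(lines: List[str]) -> List[Finding]:
    return [f for f in (scan_proxy_line(l) for l in lines) if f]

def hosts_with_both(findings: List[Finding]) -> List[str]:
    """Hosts that both fetched a payload and posted to a webhook: the loader-then-stealer chain."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.src_ip, set()).add(f.kind)
    return sorted(h for h, k in by_host.items() if k == {"cdn_download", "webhook_exfil"})

# Constructed sample log lines (IPs, ids and file names are made up).
SAMPLE_LOG = [
    "2023-10-17T16:57:01 10.0.0.5 GET https://cdn.discordapp.com/attachments/111/222/update.exe 200 4194304",
    "2023-10-17T16:57:09 10.0.0.5 POST https://discord.com/api/webhooks/333/abcDEF_-xyz 204 81920",
    "2023-10-17T16:58:00 10.0.0.7 GET https://cdn.discordapp.com/attachments/444/555/meme.png 200 20480",
]
```

A host that appears in `hosts_with_both` has shown the full pattern the article describes and is the first one to triage; ordinary image attachments, as in the third sample line, are left alone.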
10/17/2023 16:57
Marco Verro