1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Major new malware campaign targets hundreds of US and EU business

    From TechnologyDaily@1337:1/100 to All on Mon Mar 25 13:45:05 2024
    Major new malware campaign targets hundreds of US and EU businesses - StrelaStealer returns to hit big firms once again

    Date:
    Mon, 25 Mar 2024 13:36:30 +0000

    Description:
    The majority of the victims are in the "high tech" industry.

    FULL STORY ======================================================================

    Hundreds of organizations in the United States and Europe were recently targeted with StrelaStealer, an infostealing malware focusing mostly on grabbing email credentials from Outlook and similar email clients.

    Unit42, the cybersecurity arm of Palo Alto Networks, said that since November 2023, unnamed threat actors have been sending hundreds of phishing emails a day, targeting mostly organizations in the high tech industry.

    Some months have seen more emails than others, but the biggest uptick
    happened between January and February 2024. Strela evolved

    While high tech firms were the primary target, they were far from the only one, as organizations in finance, legal services, manufacturing, government, utilities and energy, insurance, and construction, were all targeted.

    At least 100 organizations across the US and Europe fell victim to the
    attack.

    While the campaign itself might be new, the infostealer isnt. According to BleepingComputer , StrelaStealer was around from at least late 2022 and since then, its modus operandi only slightly changed. It was always an infostealer targeting email client credentials. However, in earlier days, the attackers would distribute an .ISO file holding a .LNK file and an HTML file which, using the polyglot file infection method, invoked rundll32.exe and executed the malware.

    Nowadays, the attackers would simply attach a .ZIP archive holding a JScript file which, if executed, dropped a batch file and a base64-encoded file that decoded into a DLL. That DLL, executed via rundll32.exe, would deploy the
    main infostealer.

    Phishing is a decades-old hacking technique, which continues to dominate the cybercriminal space due to its low cost and high success rate. With the introduction of generative AI tools, spotting phishing and other fraudulent emails became even harder. The best way to stay safe is to exercise caution and remain skeptical of all incoming emails. More from TechRadar Pro These were the most common phishing emails of 2023 make sure you don't get caught out as well Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/major-new-malware-campaign-targets-hund reds-of-us-and-eu-businesses


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)