This analysis covers a 2023 watering hole attack on the website of a Japanese university research laboratory. Visitors to the compromised site were socially engineered into downloading and running malware disguised as an Adobe Flash Player update. The malware, identified as a modified Cobalt Strike Beacon, was injected into the Explorer process (explorer.exe). The attackers hosted their C2 server on Cloudflare Workers and used several techniques to evade detection, including anti-analysis functions and terminating antivirus software. The report also describes other attacks by the same group that used decoy documents and malware with specific execution options. The article stresses the need to stay aware of diverse attack vectors beyond the commonly exploited vulnerabilities in exposed assets.
Author: AlienVault
Related Tags:
AlienVault
Associated Indicators:
A0224574ED356282A7F0F2CAC316A7A888D432117E37390339B73BA518BA5D88
DF0BA6420142FC09579002E461B60224DD7D6D159B0F759C66EA432B1430186D
284431674A187A4F5696C228CE8575CBD40A3DC21AC905083E813D7BA0EB2F08
3BF1E683E0B6050292D13BE44812AAFA2AA42FDB9840FB8C1A0E4424D4A11E21
7B334FCE8E3119C2807C63FCC7C7DC862534F38BB063B44FEF557C02A10FDDA1
F8BA95995D772F8C4C0FFCFFC710499C4D354204DA5FA553FD33CF1C5F0F6EDB
http://cdn.nifttymail.com/
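The following is an added example, not code from the report or from AlienVault, showing how a responder would sweep for the indicators listed above: it hashes files under a directory and matches them against the pulse's SHA256 list, and it classifies proxy log lines against the C2 URL's host. The log format, the sample log lines, the file paths in the demo and the `*.workers.dev` review heuristic (motivated by the report's mention of Cloudflare Workers as C2 hosting, but not an indicator from the pulse) are assumptions made for this example.

```python
"""IOC sweep for the indicators in this pulse (added example, not part of the
original report). File hashes are matched against the SHA256 list; proxy log
lines are matched against the C2 URL's host. The log format and the
workers.dev heuristic are assumptions made for this example."""
import hashlib
import os
from urllib.parse import urlparse

# SHA256 file indicators copied from the pulse's indicator list, normalised to lowercase.
IOC_SHA256 = {h.lower() for h in (
    "A0224574ED356282A7F0F2CAC316A7A888D432117E37390339B73BA518BA5D88",
    "DF0BA6420142FC09579002E461B60224DD7D6D159B0F759C66EA432B1430186D",
    "284431674A187A4F5696C228CE8575CBD40A3DC21AC905083E813D7BA0EB2F08",
    "3BF1E683E0B6050292D13BE44812AAFA2AA42FDB9840FB8C1A0E4424D4A11E21",
    "7B334FCE8E3119C2807C63FCC7C7DC862534F38BB063B44FEF557C02A10FDDA1",
    "F8BA95995D772F8C4C0FFCFFC710499C4D354204DA5FA553FD33CF1C5F0F6EDB",
)}

# Network indicator from the pulse. Only the host part is used for matching,
# so both plain GET requests and CONNECT tunnels to it are caught.
IOC_URLS = ("http://cdn.nifttymail.com/",)

# Hunting heuristic (assumption, not from the pulse): the report says the C2 was
# hosted on Cloudflare Workers, so traffic to *.workers.dev is flagged for review.
# Workers host plenty of legitimate sites, so this is a lead, not a verdict.
REVIEW_SUFFIXES = (".workers.dev",)


def host_of(url):
    """Hostname of an absolute URL or of a CONNECT-style 'host:port' target."""
    if "://" not in url:
        url = "//" + url  # make urlparse read the string as a netloc
    return (urlparse(url).hostname or "").lower()


IOC_HOSTS = {host_of(u) for u in IOC_URLS}


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA256 so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def match_digests(digests_by_path, known=IOC_SHA256):
    """Return {path: digest} for entries whose digest (any case) is in known."""
    return {p: d.lower() for p, d in digests_by_path.items() if d.lower() in known}


def sweep_directory(root, known=IOC_SHA256):
    """Hash every readable file under root and return the ones on the IOC list."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digests[path] = sha256_of_file(path)
            except OSError:
                continue  # unreadable file: skip it and keep sweeping
    return match_digests(digests, known)


def scan_proxy_log(lines):
    """Classify whitespace-separated 'timestamp client method target status' lines.

    Returns a list of (verdict, client, host): 'ioc_match' for the pulse's C2
    host, 'review' for hosts matching REVIEW_SUFFIXES. The format is assumed.
    """
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line
        client, target = parts[1], parts[3]
        host = host_of(target)
        if host in IOC_HOSTS:
            findings.append(("ioc_match", client, host))
        elif host.endswith(REVIEW_SUFFIXES):
            findings.append(("review", client, host))
    return findings


# Constructed sample log lines for demonstration; not taken from the report.
SAMPLE_LOG = [
    "2023-06-01T10:00:01Z 10.0.0.5 GET http://cdn.nifttymail.com/ 200",
    "2023-06-01T10:00:02Z 10.0.0.5 CONNECT example.workers.dev:443 200",
    "2023-06-01T10:00:03Z 10.0.0.7 GET https://www.example.edu/lab/ 200",
]

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(*finding)
    # Fake installer downloads typically land in the user's Downloads folder (assumed path).
    print(sweep_directory(os.path.expanduser("~/Downloads")))
```

The hash match is exact, so it only catches the samples listed here; re-hashing after any repacking by the group would miss them, which is why the network host match and the lower-confidence workers.dev review flag are run alongside it.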