Critical Infrastructure Security, Cloud Security, Threat Intelligence

Discord exploited in nation-state attacks against critical infrastructure

State-sponsored hacking operations have begun leveraging Discord to facilitate cyberattacks against critical infrastructure organizations, as evidenced by an artifact aimed at such entities in Ukraine that was discovered on the instant messaging and VoIP social platform, reports The Hacker News. Trellix researchers discovered that the artifact, a Microsoft OneNote file sent from an email address impersonating the nonprofit organization Dobro with donations to Ukrainian soldiers as the lure, enabled the execution of a Visual Basic Script and a pair of PowerShell scripts that abuse a Discord webhook to exfiltrate system metadata. While the final payload's focus on system data suggests an early-stage campaign, threat actors could facilitate more sophisticated malware attacks, according to the report. "APTs are known for their sophisticated and targeted attacks, and by infiltrating widely used communication platforms like Discord, they can efficiently establish long-term footholds within networks, putting critical infrastructure and sensitive data at risk," said researchers.
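For defenders, the reported chain (script interpreters sending data to a Discord webhook) suggests a hunt over endpoint network telemetry. The following is an added example, not code from the report or from Trellix; the event schema, host names and webhook values are constructed, and the severity rule is an assumption.

```python
import hashlib
import re

# Discord webhook endpoint: https://discord.com/api/webhooks/<id>/<token>
# discordapp.com is the legacy host; ptb./canary. are alternate subdomains;
# an API version segment (/v10) may precede /webhooks.
WEBHOOK_RE = re.compile(
    r"https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com"
    r"/api(?:/v\d+)?/webhooks/(\d+)/([\w-]+)",
    re.IGNORECASE,
)

# Script interpreters matching the reported chain (VBScript, PowerShell).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe"}

# Constructed events; the field names are an assumed schema, not a real product's.
SAMPLE_EVENTS = [
    {"host": "ws-014", "image": "powershell.exe", "parent": "wscript.exe",
     "url": "https://discord.com/api/webhooks/111111111111111111/CONSTRUCTED-token_a"},
    {"host": "ws-022", "image": "Discord.exe", "parent": "explorer.exe",
     "url": "https://discord.com/api/v9/users/@me"},
    {"host": "build-03", "image": "python.exe", "parent": "java.exe",
     "url": "https://discordapp.com/api/webhooks/222222222222222222/CONSTRUCTED-token_b"},
    {"host": "ws-040", "image": "pwsh.exe", "parent": "explorer.exe",
     "url": "https://canary.discord.com/api/v10/webhooks/333333333333333333/CONSTRUCTED-token_c"},
]

def find_webhook_posts(events):
    """Return one finding per event whose URL is a Discord webhook endpoint."""
    findings = []
    for ev in events:
        m = WEBHOOK_RE.search(ev["url"])
        if not m:
            continue  # ordinary Discord client/API traffic is not a webhook call
        chain = {ev["image"].lower(), ev["parent"].lower()}
        findings.append({
            "host": ev["host"],
            "image": ev["image"],
            "webhook_id": m.group(1),
            # Store a fingerprint, not the token: the token is a live credential.
            "token_fp": hashlib.sha256(m.group(2).encode()).hexdigest()[:12],
            # A script interpreter anywhere in the chain is high; the rest need review.
            "severity": "high" if chain & SCRIPT_HOSTS else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in find_webhook_posts(SAMPLE_EVENTS):
        print(finding)
```

The "review" tier exists because webhooks also carry legitimate notifications, such as the constructed build-server event above, so a match alone is not proof of exfiltration.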
