U.S. organizations have been targeted with attacks exploiting Object Linking and Embedding template manipulation and leveraging Microsoft Office document templates to facilitate NetSupport RAT trojan deployment as part of the new Operation PhantomBlu phishing campaign, reports The Hacker News.
Intrusions commence with the delivery of salary-themed phishing emails with a Microsoft Word attachment, which when opened seeks a password to allow editing, as well as double-clicking that then triggers a ZIP archive file with a Windows shortcut file that leads to NetSupport RAT retrieval and execution, according to a report from Perception Point. "By using encrypted .docs to deliver the NetSupport RAT via OLE template and template injection, PhantomBlu marks a departure from the conventional TTPs commonly associated with NetSupport RAT deployments," said researcher Ariel Davidpur. Such findings follow a Resecurity report detailing the growing exploitation of widely-used cloud platforms and InterPlanetary File System protocol-based Web 3.0 data-hosting platforms for fully undetectable phishing URLs.
