The Hacker News reports that threat actors could abuse services including Google Drive, YouTube, and Dropbox in new cache-based targeted deanonymization attacks to identify specific website visitors.
"An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website. The attacker knows this target only through a public identifier, such as an email address or a Twitter handle," wrote New Jersey Institute of Technology researchers. They noted that popular websites and services, such as Google, Facebook, Twitter, LinkedIn, TikTok, and Instagram, are being used to privately share a resource with the target before that shared resource is embedded into the attack website.
Potential victims are then lured into visiting the malicious site and interacting with the content, allowing the attacker to unmask them and possibly compromise their social media accounts and email addresses.
"Knowing the precise identity of the person who is currently visiting a website can be the starting point for a range of nefarious targeted activities that can be executed by the operator of that website," the researchers added.
As part of its latest attacks, discovered in June, Tropic Trooper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to deploy an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been used to distribute the backdoor, which disguises itself as the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.