Threat actors have been stealthily deploying fileless malware by leveraging a novel technique involving the direct injection of shellcode into Windows event logs, according to Threatpost.
Discovered in February, the campaign conceals the deployment of a malicious late-stage trojan in Windows event logs, a Kaspersky report revealed. Attackers begin the attack chain with lures that prompt targets to download a malicious .RAR file with Cobalt Strike and SilentBreak, which are then used to enable code injection into any process and other trusted apps. Because the malware is fileless, infections could not be detected on compromised computers.
"We consider the event logs technique, which we haven't seen before, the most innovative part of this campaign. With at least two commercial products in use, plus several types of last-stage RAT and anti-detection wrappers, the actor behind this campaign is quite capable," wrote Kaspersky Global Research and Analysis Team Senior Security Researcher Denis Legezo.