Microsoft’s Defender ATP Research Team yesterday revealed its discovery of a late-spring, fileless malware campaign that used "living-off-the-land" techniques to infect victims with the information-stealing Astaroth backdoor.

The attackers behind this particular campaign abused several legitimate Windows tools in order to deliver the final payload, including the Windows Management Instrumentation Command-line tool (WMIC), the BITSAdmin command-line tool, the Certutil Certificate Services command-line tool, the Regsvr32 command-line utility and the Userinit system tool.

"It's interesting to note that at no point during the attack chain is any file run that's not a system tool," remarked Andrew Lelli, a member of the Defender ATP Research Team, in a company blog post. "In other words, they [the attackers] use fileless techniques to silently install the malware on target devices."
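Lelli's observation is also the defender's detection opportunity: each of the tools named above is a signed Windows binary that runs on its own all day, but a parent-child chain made up only of them is unusual. The script below is an added illustration, not code from the SC Media article or from Microsoft's research; it assumes Sysmon-style process-creation fields (pid, ppid, image) and runs over constructed events, not telemetry from the real campaign.

```python
# Signed Windows binaries the article names as abused in the campaign.
# Keys are lowercase image names; values are short labels for alerting.
LOLBINS = {
    "wmic.exe": "WMIC",
    "bitsadmin.exe": "BITSAdmin",
    "certutil.exe": "Certutil",
    "regsvr32.exe": "Regsvr32",
    "userinit.exe": "Userinit",
}

# Constructed process-creation events (Sysmon Event ID 1 style fields, with
# hypothetical pids and paths): one dict per process start.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 101, "ppid": 100, "image": r"C:\Windows\System32\wbem\WMIC.exe"},
    {"pid": 102, "ppid": 101, "image": r"C:\Windows\System32\bitsadmin.exe"},
    {"pid": 103, "ppid": 102, "image": r"C:\Windows\System32\certutil.exe"},
    {"pid": 104, "ppid": 103, "image": r"C:\Windows\System32\regsvr32.exe"},
    {"pid": 200, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 201, "ppid": 200, "image": r"C:\Windows\System32\certutil.exe"},
]


def image_name(path):
    """Lowercase file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def lolbin_chains(events, min_length=3):
    """Return root-to-leaf ancestry chains that consist solely of listed
    system tools and have at least `min_length` links. A lone certutil run
    is routine administrative noise; WMIC -> BITSAdmin -> Certutil -> Regsvr32
    with no non-system-tool in between is what the article describes."""
    by_pid = {e["pid"]: e for e in events}
    has_children = {e["ppid"] for e in events}
    hits = []
    for leaf in events:
        if leaf["pid"] in has_children:
            continue  # climb only from leaf processes to avoid duplicate chains
        chain, cur = [], leaf
        while cur is not None and image_name(cur["image"]) in LOLBINS:
            chain.append(LOLBINS[image_name(cur["image"])])
            cur = by_pid.get(cur["ppid"])  # stop at the first non-LOLBin ancestor
        if len(chain) >= min_length:
            hits.append(list(reversed(chain)))
    return hits


if __name__ == "__main__":
    for chain in lolbin_chains(SAMPLE_EVENTS):
        print("suspicious system-tool chain:", " -> ".join(chain))
```

The threshold is deliberately a parameter: a lower value trades precision for recall, so tune it against your own baseline of legitimate certutil and regsvr32 usage.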
