The Russian state-backed threat operation Cloud Atlas, also known as Clean Ursa, Oxygen, Inception, and Red October, has deployed the new VBCloud malware in attacks to facilitate data theft against dozens of users, most of whom are in Russia, reports The Hacker News.
An analysis from Kaspersky revealed that Cloud Atlas distributed phishing emails with a Microsoft Office document that downloads a malicious RTF template. The template then leverages an Equation Editor vulnerability, tracked as CVE-2018-0802, to execute an HTML Application (HTA) file that establishes launcher and cleaner files for the VBShower backdoor.
Aside from enabling additional Visual Basic Script payload retrieval, VBShower also allowed the deployment of PowerShower, which acts as a downloader for up to seven PowerShell payloads, and VBCloud, which allows gathering of disk information, system metadata, documents of various formats, and Telegram-related files.
“PowerShower probes the local network and facilitates further infiltration, while VBCloud collects information about the system and steals files. The infection chain consists of several stages and ultimately aims to steal data from victims’ devices,” said Kaspersky researcher Oleg Kupreev.