Researchers have discovered a cyberattack that uses unusual evasion tactics to backdoor French organizations with a novel malware dubbed Serpent, they said.

A team from Proofpoint observed what they call an “advanced, targeted threat” that uses email-based lures and malicious files typical of many malware campaigns to deliver its ultimate payload to targets in the French construction, real-estate and government industries.

However, between initial contact and payload, the attack uses methods to avoid detection that haven’t been seen before, researchers revealed in a blog post Monday.

These include the use of a legitimate software package installer called Chocolatey as an initial payload, equally legitimate Python tools that wouldn’t be flagged in network traffic, and a novel detection bypass technique using a Scheduled Task, they said.

“The ultimate objectives of the threat actor are presently unknown,” Proofpoint researchers Bryan Campbell, Zachary Abzug, Andrew Northern and Selena Larson acknowledged in the post.

“Successful compromise would enable a threat actor to conduct a variety of activities, including stealing information, obtaining control of an infected host or installing additional payloads.”

Serpent: A Slippery Attack Chain

The attack chain begins as many email-based attacks do, with an email that appears to be coming from a legitimate source that includes a Microsoft Word document containing malicious macros.

Various parts of the macro include ASCII art that depicts a snake, giving the backdoor its name, researchers said.

The macro-laden document purports to have important information related to the “règlement général sur la protection des données (RGPD),” aka the European Union’s General Data Protection Regulations (GDPR), a law which mandates how companies must report data leaks to the government.

If macros are enabled, the document executes the document’s macro, which reaches out to an image URL (e.g., com/images/ship3jpg) that contains a base64 encoded PowerShell script hidden using steganography.