CyberCX Security Report | June 2021

Microsoft is warning it has uncovered a new spearphishing campaign by the same hacking group believed to be behind the devastating SolarWinds supply chain attacks. The group is believed to be targeting a large number of organisations across many countries.

Spearphishing involves highly targeted phishing attacks against high-value targets. In this case, it appears the spearphishing is targeted towards government agencies involved with foreign policy, and international development organisations. Around 3000 email accounts used by over 150 organisations in 24 countries are affected.

The emails contain malicious HTML that executes JavaScript code. That code writes an ISO disc image file to a computer’s storage, with the target being encouraged to open it. Once opened, a .LNK shortcut is executed, which runs a DLL file. This in turn runs the Cobalt Strike Beacon command and control module.
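A mail-gateway style check for the first stage of the chain described above, as an added example that is not code from Microsoft or CyberCX. It assumes the disc image is carried as a base64 string inside a `<script>` element (the report only says that JavaScript writes the ISO); the function and variable names are hypothetical, and the sample HTML is constructed and inert.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

ISO_MAGIC = b"CD001"       # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001  # descriptors start at sector 16 (0x8000), after a type byte
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}")  # only long base64 runs are of interest

class ScriptCollector(HTMLParser):
    """Collects the text of every <script> element in an HTML body or attachment."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def find_embedded_iso(html: str) -> list:
    """Return one finding per base64 string in a script that decodes to an ISO image."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for script in collector.scripts:
        for match in B64_RUN.finditer(script):
            run = match.group(0)
            run = run[: len(run) - len(run) % 4]  # trim to a decodable length
            try:
                blob = base64.b64decode(run)
            except binascii.Error:
                continue
            if blob[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] != ISO_MAGIC:
                continue
            names = blob.lower()  # file names are ASCII (ISO 9660) or UTF-16BE (Joliet)
            has_lnk = b".lnk" in names or ".lnk".encode("utf-16-be") in names
            findings.append({"size": len(blob), "contains_lnk": has_lnk})
    return findings

# Constructed, inert sample: zero padding, the ISO 9660 identifier, one file name.
_fake_iso = b"\x00" * 0x8000 + b"\x01CD001\x01" + b"\x00" * 66 + b"REPORT.LNK;1"
SAMPLE_HTML = ("<html><body><script>var d = '"
               + base64.b64encode(_fake_iso).decode() + "';</script></body></html>")
BENIGN_HTML = "<html><body><script>var d = '" + "QUJD" * 100 + "';</script></body></html>"

if __name__ == "__main__":
    print(find_embedded_iso(SAMPLE_HTML))   # one finding, contains_lnk True
    print(find_embedded_iso(BENIGN_HTML))   # no findings
```

A finding with `contains_lnk` set matches the ISO-plus-shortcut delivery described in the report and is a reasonable trigger for quarantining the message for analyst review.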

According to Microsoft, the attacks were focused on intelligence gathering, as opposed to being financially motivated. This is a further indication that nation-state actors are likely to be behind this and the earlier SolarWinds exploit.

This is a reminder of the importance of having training measures in place so the people in your organisation are equipped with the skills they need
