Threat Actors Weaponize Excel Files To Attack Windows Machines

5 June 2024

Attackers are using malicious Excel files with VBA macros to deploy DLLs and ultimately install Cobalt Strike on compromised Windows machines, which use obfuscation and target specific processes to avoid detection by antivirus software. The attacks appear to target Ukrainian systems and leverage geopolitical themes as lures, highlighting a trend of increasingly complex and frequent attacks, especially during times of tension. Attack flow A malicious Excel document targets Ukrainian users by exploiting disabled macros, where the document displays a fake security warning urging users to enable macros, which supposedly unlocks a military budget calculation sheet. Once enabled, a VBA macro deploys a HEX-encoded DLL downloader.

Source: GBHackers

Date:

5 June 2024

Categorie(s):

NEWS

Tag(s):

Advanced Persistent Threats, Attacks, Cobalt Strike, Cyber Attack, Cyber Security News

Harnessing the Power of Data and AI – Sivan Tehila – FS #15 November 2024
A Kansas pig butchering: CEO who defrauded bank, church, friends gets 24 years5 November 2024
Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches5 November 2024
Amazon Inspector suppression rules best practices for AWS Organizations5 November 2024
Building Cybersecurity Resilience: Strategies, Technologies, and Best Practices from Industry Leaders5 November 2024