Various RATs deployed via TryCloudflare feature exploitation

2 August 2024

Intrusions commenced with the delivery of tax-themed phishing emails with attachments or links redirecting to an LNK payload, which executes either BAT or CMD scripts that result in the PowerShell and Python installer deployment before installing the RATs, an analysis from Proofpoint revealed. Threat actors’ exploitation of Cloudflare has enabled legitimacy and anonymity that hinder malicious threat detection, reported researchers.

Source: SC Magazine

Date:

2 August 2024

Categorie(s):

NEWS

Tag(s):

IT, Malware, News, RATs

Criminals open DocuSign’s Envelope API to make BEC special delivery5 November 2024
Biden administration prepares second executive order on cybersecurity5 November 2024
Link Index for Customer Identity and Access Management5 November 2024
Technical debt, multi-cloud complexity hinder modern tech adoption5 November 2024
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions5 November 2024