NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    New SteganoAmor Attacks Use Steganography to Target 320 Orgs Globally

    Cyber Security News
    2
    1
    59
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย NCSA_THAICERT

      • A new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems. Steganography is the technique of hiding data inside seemingly innocuous files to make them undetectable by users and security products. TA558 is a threat actor that has been active since 2018, known for targeting hospitality and tourism organizations worldwide, focusing on Latin America. The group's latest campaign, dubbed "SteganoAmor" due to the extensive use of steganography, was uncovered by Positive Technologies. The researchers identified over 320 attacks in this campaign that affected various sectors and countries. The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017. The emails are sent from compromised SMTP servers to minimize the chances of the messages getting blocked as they come from legitimate domains. If an old version of Microsoft Office is installed, the exploit will download a Visual Basic Script (VBS) from the legitimate 'paste upon opening the file. ee' service. This script is then executed to fetch an image file (JPG) containing a base-64 encoded payload. The final payloads and malicious scripts are often stored in legitimate cloud services like Google Drive, taking advantage of their good reputation to evade getting flagged by AV tools. Stolen information is sent to compromised legitimate FTP servers used as command and control (C2) infrastructure to make the traffic appear normal. Positive Technologies discovered over 320 attacks, most focused in Latin American countries, but the targeting scope extends worldwide. Using a seven-year bug in TA558's attack chain makes it fairly easy to defend against SteganoAmor, as updating Microsoft Office to a more recent version would render these attacks ineffective.

      ที่มาแหล่งข่าว
      https://www.bleepingcomputer.com/news/security/new-steganoamor-attacks-use-steganography-to-target-320-orgs-globally/

      สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand 3dba16a3-7b52-459a-9e5f-d50f40ba63cc-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post