A new threat actor tracked as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent.
NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on specific targets and is its main means to achieve in-domain penetration."
The attack chain begins with a macro-laced Microsoft Word document that purports to be about a blood donation drive from the American Red Cross. When opened, the malicious macro runs to set up persistence and exfiltrate system metadata to a remote server (data.vectorse[.]com), a subdomain of a legitimate website belonging to a structural and engineering company based in the U.S.
The macro also drops a file named KB4495667.pkg (codenamed DangerAds), which subsequently acts as a loader that launches shellcode leading to the deployment of AtlasAgent, a C++ malware capable of gathering system information, running shellcode, and executing commands to obtain a reverse shell, as well as injecting code into a thread of a specified process.
Both AtlasAgent and DangerAds incorporate evasion features to make them less likely to be detected by security tools.
AtlasCross is suspected to have breached public-facing network hosts by exploiting known security vulnerabilities and turning them into command-and-control (C2) servers. NSFOCUS said it identified 12 different compromised servers in the U.S.
The true identity of AtlasCross and its backers currently remains a mystery.
"At this current stage, AtlasCross has a relatively limited scope of activity, mainly focusing on targeted attacks against specific hosts within a network domain," the company said. "However, the attack methods they employ are highly robust and mature."
Some parts of this article are sourced from:
thehackernews.com