SSLoad malware attacks organizations in Asia, Europe, and the Americas; attackers use Cobalt Strike and ScreenConnect to control victim computers
· 2024-04-25

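Researchers have disclosed the latest wave of attacks involving the SSLoad malware, noting that the attackers use Cobalt Strike and ScreenConnect along the way, with the ultimate goal of covertly infiltrating the victim organization's network environment and taking control of it.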

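Once the recipient opens the attachment as instructed, the attackers use wscript.exe to launch out_czlrh.js, and the computer connects to a specific network share to download an MSI installer and execute it.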

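This MSI file connects to an attacker-controlled domain and uses rundll32.exe to retrieve the SSLoad payload and collect information about the victim host.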

Next, the attackers use Cobalt Strike for reconnaissance, then download and deploy ScreenConnect, giving them remote access to the victim computer.

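With full control of the computer through the remote management tool, the attackers attempt to collect credentials and pivot toward the domain controller, ultimately creating their own domain administrator account to compromise the victim organization's domain.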
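For defenders, the process chain described above (script host, MSI install, rundll32.exe, ScreenConnect) can be hunted as an ordered sequence per host. The following is an added example, not code from the researchers or the article: the event layout, the sample records, the 30-minute window and the use of msiexec.exe as the MSI runner are assumptions, and the Cobalt Strike and account-creation steps are not covered.

```python
from datetime import datetime, timedelta

# Ordered stages of the chain in the article. Matching rules are assumptions:
# the article names wscript.exe, rundll32.exe and ScreenConnect; msiexec.exe
# is assumed here as the process that runs the downloaded MSI.
STAGES = [
    ("script", lambda img, cmd: img == "wscript.exe" and cmd.rstrip('" ').endswith(".js")),
    ("msi", lambda img, cmd: img == "msiexec.exe" and ".msi" in cmd),
    ("loader", lambda img, cmd: img == "rundll32.exe"),
    ("remote_tool", lambda img, cmd: img.startswith("screenconnect")),
]

# Constructed process-creation records: (host, ISO time, image, command line).
SAMPLE_EVENTS = [
    ("WS01", "2024-04-25T09:00:05", "wscript.exe", r"wscript.exe C:\Users\a\Downloads\out_czlrh.js"),
    ("WS01", "2024-04-25T09:00:20", "msiexec.exe", r"msiexec.exe /i Z:\pkg.msi /qn"),
    ("WS02", "2024-04-25T09:01:00", "rundll32.exe", r"rundll32.exe shell32.dll,Control_RunDLL"),
    ("WS01", "2024-04-25T09:01:10", "rundll32.exe", r"rundll32.exe C:\Users\a\AppData\Local\Temp\sample.dll,Start"),
    ("WS01", "2024-04-25T09:20:00", "ScreenConnect.ClientService.exe", "ScreenConnect.ClientService.exe"),
    ("WS03", "2024-04-25T10:00:00", "msiexec.exe", r"msiexec.exe /i C:\IT\agent.msi"),
]


def chain_progress(events, window=timedelta(minutes=30)):
    """Return {host: [stages matched in order]}.

    A stage only counts if it follows the previous stage on the same host
    within `window`, so an isolated rundll32.exe or msiexec.exe run is ignored.
    """
    state, best = {}, {}  # host -> (stages matched, last match time); host -> max
    for host, ts, image, cmd in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        count, last = state.get(host, (0, when))
        if when - last > window:
            count = 0  # chain went stale; a new one must start at the first stage
        if count < len(STAGES) and STAGES[count][1](image.lower(), cmd.lower()):
            state[host] = (count + 1, when)
            best[host] = max(best.get(host, 0), count + 1)
    return {h: [name for name, _ in STAGES[:c]] for h, c in best.items()}


if __name__ == "__main__":
    for host, stages in chain_progress(SAMPLE_EVENTS).items():
        print(host, "->", " > ".join(stages))
```

A host that reaches three or more stages is worth triage; fewer stages on their own are common in normal administration.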
