SSLoad malware targets organizations in Asia, Europe and the Americas; attackers use Cobalt Strike and ScreenConnect to control victim computers
· 2024-04-25

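Researchers have disclosed the latest wave of SSLoad malware attacks, noting that the attackers use Cobalt Strike and ScreenConnect along the way, with the ultimate goal of covertly infiltrating the victim organization's network environment and taking control of it.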

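Once the recipient opens the attachment as instructed, the attackers use wscript.exe to launch out_czlrh.js, and the computer connects to a specific network share to download an MSI installer and run it.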

This MSI file connects to an attacker-controlled domain and uses rundll32.exe to obtain the SSLoad payload and collect information about the victim host.

Next, the attackers use Cobalt Strike for reconnaissance, then download and deploy ScreenConnect, giving them remote access to the victim computer.

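With full control of the computer through the remote management tool, the attackers attempt to collect credentials and pivot toward the domain controller, ultimately creating their own domain administrator account to compromise the victim organization's domain.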
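
For defenders, the early stages described above (wscript.exe running a .js file, an MSI fetched from a network share, then rundll32.exe) can be correlated per host in process-creation logs. The following is an added example, not code from the researchers or the original article; the event tuples, host names, share path and time window are constructed, and it assumes the MSI is run through msiexec.exe, which the article does not name.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events: (host, epoch seconds, image, command line).
# Everything except the script name out_czlrh.js is made up for illustration.
EVENTS = [
    ("WS-01", 100, "wscript.exe", r'wscript.exe "C:\Users\a\Downloads\out_czlrh.js"'),
    ("WS-01", 104, "msiexec.exe", r'msiexec.exe /i \\share.example\docs\setup.msi /qn'),
    ("WS-01", 109, "rundll32.exe", r'rundll32.exe C:\Users\a\AppData\Local\Temp\x.dll,Start'),
    ("WS-02", 200, "wscript.exe", r'wscript.exe C:\scripts\logon.vbs'),
    ("WS-02", 230, "msiexec.exe", r'msiexec.exe /i C:\pkg\agent.msi'),
    ("WS-03", 300, "msiexec.exe", r'msiexec.exe /i \\share.example\docs\setup.msi'),
    ("WS-03", 305, "rundll32.exe", r'rundll32.exe shell32.dll,Control_RunDLL'),
]

# Ordered stages of the chain: (image name, regex the command line must match).
STAGES = [
    ("wscript.exe", re.compile(r"\.js\b", re.I)),                    # script host runs a .js file
    ("msiexec.exe", re.compile(r"\\\\[^\\\s]+\\\S+\.msi\b", re.I)),  # MSI from a UNC path (assumed msiexec)
    ("rundll32.exe", re.compile(r".")),                               # any rundll32 launch afterwards
]
WINDOW = 300  # seconds allowed between first and last stage (assumed value)

def find_chains(events, window=WINDOW):
    """Return {host: [t_wscript, t_msi, t_rundll32]} for hosts showing all stages in order."""
    by_host = defaultdict(list)
    for host, ts, image, cmd in sorted(events, key=lambda e: (e[0], e[1])):
        by_host[host].append((ts, image.lower(), cmd))
    hits = {}
    for host, evs in by_host.items():
        times = []
        for ts, image, cmd in evs:
            if times and ts - times[0] > window:
                times = []  # chain went stale, start matching from stage one again
            want_image, want_re = STAGES[len(times)]
            if image == want_image and want_re.search(cmd):
                times.append(ts)
                if len(times) == len(STAGES):
                    hits[host] = times
                    break
    return hits

if __name__ == "__main__":
    for host, times in find_chains(EVENTS).items():
        print(f"{host}: wscript/.js -> UNC MSI -> rundll32 at {times}")
```

A hit only means the three stages occurred in order on one host within the window; parent-child process linkage, where the log source provides it, would tighten the match.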
