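Using a specific security vendor's SSL VPN software as bait, attackers target Middle Eastern organizations to spread a counterfeit program
Payment News · 2024-09-03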

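Researchers found that someone, under the pretext of offering GlobalProtect, the SSL VPN application from Palo Alto Networks, appears to be trying to plant malware on victims' computers and then go on to access the corporate internal network.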

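During execution, the malware checks whether the victim computer is a sandbox environment and then sends system information back to the C2. The malware can receive PowerShell scripts from the attacker and execute them, spawn processes, and upload or download files. To evade detection, the commands and information exchanged during communication are all processed with the AES algorithm.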

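Notably, the Beacon function the attackers added to the malware derives from Interactsh, an exploit verification tool that security personnel use during penetration testing, which may reduce the chance of the traffic being regarded as anomalous. In addition, the hackers used the domain name sharjahconnect, which contains the name of Sharjah, a major city in the United Arab Emirates, making targeted users more likely to be fooled.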
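For defenders, the two network traits described above (beaconing through Interactsh and the sharjahconnect lure name) can be hunted for in DNS resolver logs. The following is an added example, not code from the article or the researchers. It assumes a simple "timestamp client qname" log format and the public default Interactsh server domains, and the sample log lines are constructed.

```python
# Assumption: these are the public default Interactsh server domains;
# a self-hosted Interactsh server will not match this list.
INTERACTSH_SUFFIXES = ("oast.pro", "oast.live", "oast.site",
                       "oast.online", "oast.fun", "oast.me")
# Lure keyword named in the article; the full domain is not given there.
LURE_KEYWORD = "sharjahconnect"

# Constructed sample resolver log: "<timestamp> <client> <qname>".
SAMPLE_LOG = """\
2024-09-03T08:01:12Z 10.0.4.17 portal.sharjahconnect.example
2024-09-03T08:01:15Z 10.0.4.17 c1a2b3.constructed-id.oast.fun
2024-09-03T08:01:20Z 10.0.4.22 www.example.org
2024-09-03T08:02:01Z 10.0.4.17 c4d5e6.constructed-id.oast.fun.
2024-09-03T08:02:05Z 10.0.4.30 toast.fun
malformed line
"""

def classify(qname):
    """Return the reasons a queried name is suspicious (empty list if none)."""
    name = qname.rstrip(".").lower()          # drop trailing root dot, fold case
    reasons = []
    for suffix in INTERACTSH_SUFFIXES:
        # Match on a label boundary so "toast.fun" does not hit "oast.fun".
        if name == suffix or name.endswith("." + suffix):
            reasons.append("interactsh:" + suffix)
    if any(LURE_KEYWORD in label for label in name.split(".")):
        reasons.append("lure:" + LURE_KEYWORD)
    return reasons

def scan(log_text):
    """Group suspicious lookups by client so repeat beacons stand out."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:                   # skip malformed records
            continue
        ts, client, qname = parts
        for reason in classify(qname):
            hits.setdefault(client, []).append((ts, qname, reason))
    return hits

if __name__ == "__main__":
    for client, events in scan(SAMPLE_LOG).items():
        print(client, "suspicious lookups:", len(events))
        for ts, qname, reason in events:
            print("  ", ts, qname, reason)
```

Interactsh lookups can also come from authorized penetration tests, so a hit is a lead to correlate with the client's other activity rather than a verdict.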
