The Vedalia APT group has ingeniously utilized LNK files with double extensions, effectively masking the malicious .lnk extension. This tactic deceives users into believing the files are harmless, increasing the likelihood of execution.
Campaign Overview The attacker utilized shared web hosting, hosting all these fake online meeting sites on a single IP address. All of the fake sites were in Russian as shown in all the figures below. In addition, the attackers hosted these fake sites using URLs that closely resembled the actual websites. Attack Sequence The diagram […]
The threat actors behind the campaign utilized multiple stages and techniques, including obfuscation and leveraging open platforms, to carry out the attack and steal sensitive information.
The organization targeted in the incident is Westat, a data firm utilized by the Office of Personnel Management (OPM) for survey administration. The MOVEit data breach has caused havoc across all prominent industries and organizations. This large-scale cyberattack in May 2023 (from May 28th to May 30th, 2023) has claimed countless victims. The attackers exploited […]
The attackers utilized typosquatting and code modifications to trick developers into installing malicious packages and continuously refined their techniques to evade detection.