FIN7 attacks the auto industry: sophisticated chain of attacks leads to the introduction of Anunak backdoor

Father

How did hackers manage to bypass the protection of one of the largest companies in the United States?

At the end of last year, a major American automaker, whose name was not disclosed, was the victim of a targeted attack carried out by the hacker group FIN7. According to researchers from the BlackBerry company, attackers used phishing emails for employees of the IT department to infect the company's systems with malicious software through the Anunak backdoor.

The attack began by sending company employees links to a fake website disguised as a legitimate Advanced IP Scanner tool. Using social engineering techniques, hackers convinced users to click on the link and download the executable file that initiated the backdoor installation.

During the analysis, BlackBerry specialists found out that cybercriminals used unique PowerShell scripts with the obfuscated "PowerTrash" shellcode, which made it possible to link this attack with the FIN7 group with high confidence. The same method was first seen in the FIN7 malware campaign in 2022.

During the attack, a malicious file called "WsTaskLoad.exe" started a multi-step process involving malicious DLLs, WAV files, and shellcode, which eventually led to downloading and decrypting the "dmxl.bin" file containing the Anunak backdoor. It is worth noting that FIN7 hackers also often use another backdoor, Carbanak, in their attacks, but Anunak was the one used in the campaign under review.

After deploying the backdoor on the target system, a task was created for OpenSSH that gives the attackers persistent access, but the researchers did not observe this method being used to move laterally across the network in the analyzed campaign.
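The chain above (WsTaskLoad.exe, a WAV file dropped to a staging directory, an obfuscated PowerShell command, the dmxl.bin payload, and an OpenSSH task for persistence) is the kind of sequence a defender can correlate per host. The following is an added example, not code from the BlackBerry report or the forum post: the event format, the sample log lines and the stage heuristics are constructed here for illustration, and the "schtask" event type assumes the OpenSSH task was registered via the Windows task scheduler.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample telemetry (not from the report): "host|event_type|details".
SAMPLE_EVENTS = [
    "ws-it-07|process|C:\\Users\\jdoe\\Downloads\\WsTaskLoad.exe",
    "ws-it-07|file|C:\\Users\\jdoe\\AppData\\Local\\Temp\\music.wav",
    # Placeholder base64 payload (constructed): the rule only cares about length.
    "ws-it-07|process|powershell.exe -w hidden -ep bypass -enc " + "A" * 60,
    "ws-it-07|file|C:\\ProgramData\\dmxl.bin",
    "ws-it-07|schtask|/create /tn Updater /tr C:\\Windows\\System32\\OpenSSH\\sshd.exe",
    "ws-fin-02|process|C:\\Program Files\\Advanced IP Scanner\\advanced_ip_scanner.exe",
    "ws-fin-02|schtask|/create /tn Backup /tr C:\\Tools\\backup.exe",
]

# Each stage: (name, event type it applies to, pattern over the details field).
# Heuristics are derived from the artefacts named in the article, not from any vendor rule set.
STAGES: List[Tuple[str, str, re.Pattern]] = [
    ("wstaskload_loader", "process", re.compile(r"\\WsTaskLoad\.exe$", re.I)),
    ("powershell_encoded", "process",
     re.compile(r"powershell(?:\.exe)?\b.*\s-(?:enc|encodedcommand)\s+[A-Za-z0-9+/=]{40,}", re.I)),
    ("wav_staging", "file", re.compile(r"\\(?:Temp|ProgramData)\\[^\\]+\.wav$", re.I)),
    ("anunak_payload", "file", re.compile(r"\\dmxl\.bin$", re.I)),
    ("openssh_schtask", "schtask", re.compile(r"/create\b.*\bsshd?\.exe", re.I)),
]


def parse_event(line: str) -> Tuple[str, str, str]:
    """Split one constructed telemetry line into (host, event_type, details)."""
    host, etype, details = line.split("|", 2)
    return host, etype, details


def match_stages(events: List[str]) -> Dict[str, List[str]]:
    """Return, per host, the distinct chain stages observed, in order of first sighting."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for line in events:
        host, etype, details = parse_event(line)
        for name, stage_type, pattern in STAGES:
            if etype == stage_type and pattern.search(details) and name not in seen[host]:
                seen[host].append(name)
    return dict(seen)


def flag_hosts(events: List[str], min_stages: int = 2) -> Dict[str, List[str]]:
    """Hosts showing at least min_stages distinct stages; one lone hit is kept out to limit noise."""
    return {h: s for h, s in match_stages(events).items() if len(s) >= min_stages}


if __name__ == "__main__":
    for host, stages in flag_hosts(SAMPLE_EVENTS).items():
        print(f"{host}: {len(stages)} chain stages -> {', '.join(stages)}")
```

Requiring two or more stages per host is what keeps a legitimate Advanced IP Scanner install or an ordinary backup task from alerting on its own.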

Interestingly, despite the complexity of the attack, FIN7 was unable to spread the infection beyond the originally infected system. The researchers emphasize the importance of protecting against phishing, which remains the primary intrusion method used by attackers.

Implementing multi-factor authentication and using advanced email filtering solutions will help you avoid hackers' attacks and keep your data safe. Measures such as the use of unique, complex passwords, regular software updates, and constant monitoring of network activity will also significantly improve the protection of corporate networks and reduce worries about the company's security.