Microsoft Office as an attack vector: Iranian hackers and their new compromise method

Carding

Phishing using malicious attachments remains a key threat in cyberspace.

The Iranian hacker group APT34, also known as Cobalt Gypsy, Hazel Sandstorm, Helix Kitten and OilRig, is allegedly behind a new phishing attack that aims to spread malware called SideTwist.

According to NSFOCUS, APT34 uses specially crafted Microsoft Word documents containing malicious macros. Once the macro runs, it extracts and executes the encrypted SideTwist payload, which then connects to a remote server to receive further instructions.

APT34 has been active since 2014 and specializes in attacks against government organizations, telecommunications companies, defense companies, and financial institutions in the Middle East. The group is distinguished by its ability to develop its own new tools, both to minimize the risk of detection and to maintain a long-term foothold in compromised networks.

SideTwist was first seen in use by APT34 in April 2021. It can upload and download files and execute commands. Experts note that this backdoor is one of the APT34 group's key tools for establishing reliable persistence on compromised systems.

Meanwhile, Fortinet has discovered another phishing campaign spreading a new version of Agent Tesla malware using vulnerabilities CVE-2017-11882 and CVE-2018-0802 in Microsoft Office.

According to Qualys, CVE-2017-11882 is still one of the vulnerabilities most frequently exploited by attackers. It allows arbitrary code execution when a specially crafted Microsoft Office document is opened.

Although Microsoft fixed the vulnerability back in 2017, many users continue to run vulnerable versions of Office, which makes it an attractive target for cybercriminals.
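Both campaigns described above ride on the same two attachment features: a VBA macro project inside a Word document, and an embedded Equation Editor object (the component CVE-2017-11882 and CVE-2018-0802 live in). The following triage script is an added example, not code from NSFOCUS, Fortinet, Qualys or the original post. It is the kind of first-pass check a mail gateway or SOC analyst can run on an attachment before it reaches a user: it inspects the raw bytes of an OOXML (.docx/.docm), RTF or legacy OLE2 file and reports which of those features are present. The sample inputs are constructed inline; the stream and class names it looks for (`vbaProject.bin`, `Equation.3`, `Equation Native`, `_VBA_PROJECT`) are the documented Office names, and the findings list is this example's own naming.

```python
import io
import re
import zipfile


# Constructed sample: a minimal OOXML container that mimics a macro-enabled
# Word document. Real .docm files carry far more parts, but the part that
# matters for triage is word/vbaProject.bin (assumption: its presence alone
# is enough to flag the file for closer inspection).
def build_sample_docm() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        # OLE2 magic followed by padding stands in for a real VBA project
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


# Constructed sample: an RTF fragment that embeds an Equation Editor object.
# "Equation.3" is the ProgID of the Equation Editor 3.0 control targeted by
# CVE-2017-11882 / CVE-2018-0802.
SAMPLE_RTF = rb"{\rtf1{\object\objemb{\*\objclass Equation.3}{\*\objdata 01050000}}}"

# Constructed sample: plain RTF with no embedded objects.
SAMPLE_CLEAN_RTF = rb"{\rtf1 Quarterly report, nothing embedded here.}"

OLE2_MAGIC = b"\xd0\xcf\x11\xe0"
ZIP_MAGIC = b"PK\x03\x04"

# Legacy OLE2 containers store stream names as UTF-16LE directory entries,
# so these are the byte patterns to search for in a .doc file.
OLE_EQUATION_STREAM = "Equation Native".encode("utf-16-le")
OLE_VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")


def triage_office_file(data: bytes) -> list:
    """Return a list of findings for one attachment's raw bytes.

    An empty list means none of the risky features were found; it does not
    prove the file is safe, only that it lacks the two features discussed.
    """
    findings = []

    if data.startswith(ZIP_MAGIC):
        # OOXML: a zip whose part names tell us what the document carries.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return ["malformed-ooxml-container"]
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("vba-macro-project-present")
        if any(n.startswith("word/embeddings/") for n in names):
            findings.append("embedded-ole-object")

    elif data.lstrip().startswith(b"{\\rtf"):
        # RTF: embedded objects are declared in plain text via \objclass.
        if re.search(rb"\\objclass\s+Equation\.3\b", data, re.IGNORECASE):
            findings.append("equation-editor-object")

    elif data.startswith(OLE2_MAGIC):
        # Legacy binary .doc: look for the stream names directly.
        findings.append("legacy-ole2-container")
        if OLE_EQUATION_STREAM in data:
            findings.append("equation-editor-object")
        if OLE_VBA_STREAM in data:
            findings.append("vba-macro-project-present")

    else:
        findings.append("not-an-office-container")

    return findings


if __name__ == "__main__":
    for label, blob in [
        ("sample.docm", build_sample_docm()),
        ("sample_equation.rtf", SAMPLE_RTF),
        ("sample_clean.rtf", SAMPLE_CLEAN_RTF),
    ]:
        print(label, "->", triage_office_file(blob) or "no findings")
```

A macro project or an Equation Editor object is not malicious by itself, so the script deliberately reports features rather than verdicts; the point is to route such attachments to sandboxing or manual review instead of straight to the inbox, and to give patch-status checks (is Equation Editor still present on the endpoint?) a concrete trigger.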

Experts warn that phishing using malicious documents continues to be one of the most effective tools for cybercriminals to compromise target systems and steal confidential data.

To protect against such attacks, companies are advised to:
  • conduct regular training for employees to recognize phishing emails and avoid opening suspicious attachments.
  • use anti-phishing solutions to filter incoming messages.
  • install all security updates on workstations and servers in a timely manner.
  • restrict the use of outdated software versions that contain dangerous vulnerabilities.
  • make regular backups of your data for recovery in the event of an attack.

Compliance with the basic rules of cyber hygiene and the use of comprehensive protection will significantly reduce the risks associated with malware such as SideTwist and Agent Tesla.