July 2024’s hottest phishing campaigns: SharePoint Abuse, DeerStealer, and others

July 24, 2024


TLDR:

  • July 2024 saw new phishing campaigns, including SharePoint abuse and DeerStealer malware.
  • The SharePoint phishing campaign used a legitimate service to evade detection and steal credentials.

Full Article:

In July 2024, cybersecurity analysts identified several key phishing campaigns, including a SharePoint phishing campaign and the distribution of the Strela stealer malware.

The SharePoint campaign abused the legitimate service to evade detection: a PDF file hosted on SharePoint led users to a fake Microsoft login page that stole their credentials. The campaign saw over 500 instances of phishing within 24 hours.

The Strela stealer malware was distributed through obfuscated batch files, with the malware exploiting WordPad during execution. Additionally, a campaign disguised the DeerStealer malware as Google Authenticator and hosted it on GitHub, exfiltrating stolen data via HTTP POST requests encrypted with XORed keys.

To address evolving attacks, it is recommended to use Suricata IDS in ANY.RUN together with FakeNet and a MITM proxy. Overall, cybersecurity professionals can use the threat intelligence lookup and the ANY.RUN sandbox to analyze and detect phishing and malware campaigns effectively in real time.

