Thursday, May 4, 2017

FIN7 Group - Advanced Phishing Techniques

Security experts from FireEye reported that the financially motivated FIN7 group is changing its techniques. The group, which has been associated with malicious financial campaigns dating back to 2015, has adopted enhanced phishing techniques that use hidden shortcut files (LNK files) to compromise targets. To evade detection, FIN7 has moved away from weaponized Microsoft Office macros in its phishing mails. The threat actor now uses hidden LNK files as the attack vector to launch mshta.exe, and relies on the VBScript functionality of mshta.exe to infect victims. In these enhanced spear phishing campaigns, organizations are targeted with phishing mails containing either a malicious DOCX or RTF file, two versions of the same LNK file and VBScript technique. This is a more effective phishing technique because the malicious code is embedded in the document content rather than packaged in the OLE object.

Recommended Actions:
It is advised to treat unsolicited mails with suspicion, since in most cases targeted attacks deploy malware as mail attachments.
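For mail-gateway or triage use, the following added example (not code from FireEye or from this blog) flags DOCX and RTF attachments that carry an embedded LNK file and notes whether the shortcut data references mshta. It assumes the shortcut is stored as raw bytes in a DOCX part or as hex text in an RTF `\objdata` group; the function names and sample inputs are hypothetical, and obfuscated RTF is out of scope.

```python
import io
import re
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID
# {00021401-0000-0000-C000-000000000046}, as defined in MS-SHLLINK.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# The same 20 bytes as RTF hex text, tolerating whitespace between digits.
LNK_HEX_RE = re.compile(rb"\s*".join(bytes([c]) for c in LNK_MAGIC.hex().encode()), re.I)


def _mentions_mshta(blob):
    """LNK strings may be ANSI or UTF-16LE; check both, case-insensitively."""
    low = blob.lower()
    return b"mshta" in low or "mshta".encode("utf-16-le") in low


def scan_attachment(data):
    """Return one finding per embedded LNK seen in a DOCX or RTF attachment."""
    findings = []
    if data.startswith(b"PK"):  # DOCX is a ZIP container
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                part = zf.read(name)
                if LNK_MAGIC in part:
                    findings.append({"where": name, "mshta": _mentions_mshta(part)})
    elif data.lstrip().startswith(b"{\\rt"):  # RTF
        for m in LNK_HEX_RE.finditer(data):
            end = data.find(b"}", m.start())  # hex run ends where the group closes
            run = re.sub(rb"[^0-9a-fA-F]", b"", data[m.start():(end if end != -1 else None)])
            blob = bytes.fromhex(run[: len(run) // 2 * 2].decode())
            findings.append({"where": f"rtf offset {m.start()}", "mshta": _mentions_mshta(blob)})
    return findings


def constructed_samples():
    """Constructed, inert inputs: LNK magic plus a string, not a working shortcut."""
    fake_lnk = LNK_MAGIC + b"\x00" * 8 + "MSHTA.exe".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", b"\x01\x02" + fake_lnk)
    hexed = fake_lnk.hex()
    body = (hexed[:30] + "\n" + hexed[30:]).encode()  # line break inside the hex run
    rtf = b"{\\rtf1{\\object\\objemb{\\*\\objdata " + body + b"}}}"
    return buf.getvalue(), rtf, b"{\\rtf1 plain text}"
```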
