Researchers have discovered a cyberattack that uses unusual evasion tactics to backdoor French organizations with a novel malware dubbed Serpent, they said.

A team from Proofpoint observed what they call an “advanced, targeted threat” that uses email-based lures and malicious files typical of many malware campaigns to deliver its ultimate payload to targets in the French construction, real-estate and government industries.

However, between initial contact and payload, the attack uses methods to avoid detection that haven’t been seen before, researchers revealed in a blog post Monday.

These include the use of a legitimate software package installer called Chocolatey as an initial payload, equally legitimate Python tools that wouldn’t be flagged in network traffic, and a novel detection bypass technique using a Scheduled Task, they said.

“The ultimate objectives of the threat actor are presently unknown,” Proofpoint researchers Bryan Campbell, Zachary Abzug, Andrew Northern and Selena Larson acknowledged in the post. “Successful compromise would enable a threat actor to conduct a variety of activities, including stealing information, obtaining control of an infected host or installing additional payloads.”

Serpent: A Slippery Attack Chain

The attack chain begins as many email-based attacks do, with an email that appears to come from a legitimate source and includes a Microsoft Word document containing malicious macros.

The macro-laden document purports to have important information related to the “règlement général sur la protection des données (RGPD),” aka the European Union’s General Data Protection Regulation (GDPR), a law which mandates how companies must report data leaks to the government. Various parts of the macro include ASCII art that depicts a snake, giving the backdoor its name, researchers said.
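As an added example (not code from the article or from Proofpoint), the following Python walks a constructed process-creation log and flags Chocolatey or Python processes whose ancestry includes an Office application, the parent-child pattern implied by a Word macro delivering Chocolatey as the initial payload. The image names, the intermediate PowerShell step and the event layout are assumptions; the article does not describe how the macro launches the installer.

```python
# Added example: detect package-installer / Python tooling spawned beneath an
# Office process. Event shape and image names are assumptions, not from the post.

# Constructed process-creation events: (pid, ppid, image name, command line)
EVENTS = [
    (100, 1,   "explorer.exe",    "explorer.exe"),
    (200, 100, "WINWORD.EXE",     "WINWORD.EXE RGPD_notice.docm"),   # macro document
    (300, 200, "powershell.exe",  "powershell.exe -File setup.ps1"),  # assumed launcher
    (400, 300, "choco.exe",       "choco.exe install python -y"),     # Chocolatey
    (500, 300, "python.exe",      "python.exe tool.py"),              # Python tooling
    (600, 100, "python.exe",      "python.exe dev_tool.py"),          # benign: not under Office
]

OFFICE = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SUSPECT = {"choco.exe", "python.exe", "pythonw.exe"}


def office_descendants(events):
    """Return (pid, image, office_pid) for every SUSPECT process that has an
    Office application anywhere in its ancestor chain."""
    parent = {pid: ppid for pid, ppid, _, _ in events}
    image = {pid: img for pid, _, img, _ in events}
    hits = []
    for pid, _, img, _ in events:
        if img.lower() not in SUSPECT:
            continue
        p = parent[pid]
        while p in image:                 # walk up until the root or an unknown pid
            if image[p].upper() in OFFICE:
                hits.append((pid, img, p))
                break
            p = parent[p]
    return hits


if __name__ == "__main__":
    for pid, img, office_pid in office_descendants(EVENTS):
        print(f"ALERT pid={pid} {img} descends from Office pid={office_pid}")
```

The benign pid 600 is not reported because its chain ends at explorer.exe, so the rule keys on lineage rather than on the presence of Python alone.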