Jakarta, shesocial Indonesia –
The cyber security company Kaspersky has found a series of complex cyberattacks that stage information on legitimate services such as GitHub, Microsoft Learn Challenge, Quora, and social networks.
According to Kaspersky, the attackers did this to evade detection and to run an execution chain that launches Cobalt Strike Beacon.
Cobalt Strike Beacon is a tool for controlling computers remotely, running commands, stealing data, and maintaining persistent access to a network.
The attacks were detected in the second half of 2024 in organizations in China, Japan, Malaysia, Peru, and Russia, and continued into 2025. Most victims were medium to large companies.
To infiltrate the victim’s devices, the criminals send spear-phishing e-mails disguised as legitimate communication from large state-owned companies, especially in the oil and gas sector.
The message text is crafted to suggest an interest in the products and services of the victim’s organization, in order to convince the recipient to open the malicious attachment.
The attachment is an archive that appears to contain PDF files with requirements for the requested products and services. In fact, some of these "PDFs" are executable files (exe and similar) that contain malware.
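The report describes archives whose members pose as PDFs but are executables. The following added example, not code from Kaspersky or the article, shows a mail-gateway style check that flags such members using three signals: a document extension followed by an executable extension, whitespace padding that hides the real extension, and a PE (MZ) header that disagrees with the file name. The sample archive is constructed here, not taken from the campaign.

```python
import io
import re
import zipfile

EXEC_EXT = re.compile(r"\.(exe|scr|com|pif|bat|cmd|js|vbs|dll|lnk)$", re.I)
DOC_EXT = re.compile(r"\.(pdf|docx?|xlsx?|rtf)", re.I)  # anywhere in the name


def member_reasons(name: str, head: bytes) -> list[str]:
    """Reasons one archive member looks like an executable disguised as a document."""
    base = name.rsplit("/", 1)[-1]
    reasons = []
    is_exec_name = bool(EXEC_EXT.search(base))
    if is_exec_name and DOC_EXT.search(base):
        reasons.append("document extension followed by an executable extension")
    if re.search(r"\s{5,}", base):
        reasons.append("long whitespace run hides the real extension in file listings")
    if head.startswith(b"MZ"):  # DOS/PE executable header
        if not is_exec_name:
            reasons.append("PE header (MZ) under a non-executable name")
        else:
            reasons.append("Windows executable inside a mail attachment")
    return reasons


def inspect_archive(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(2)  # only the magic bytes are needed
            reasons = member_reasons(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample, not the real attachment: one genuine PDF plus two lures."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("product_requirements.pdf", b"%PDF-1.4\n%constructed sample\n")
        zf.writestr("price_list.pdf" + " " * 40 + ".exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("tender_spec.pdf", b"MZ" + b"\x00" * 30)  # PE bytes under a .pdf name
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_archive(build_sample_archive()).items():
        print(repr(name), "->", "; ".join(reasons))
```

In production the magic-byte check should be extended to other container formats and the archive should be opened from a quarantined copy.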
The criminals use hijacking techniques and abuse the SAH Utility Send Crash Reporting, a utility originally designed to help developers obtain detailed, real-time crash reports for their applications.
To function, the malware also retrieves and downloads code stored on a public profile on a legitimate, popular platform, again to avoid detection.
Kaspersky found this code stored in encrypted form in a GitHub profile; the link to it was likewise stored encrypted on other GitHub profiles, Microsoft Learn Challenge, a question-and-answer website, and even Russian social media platforms.
All of these profiles and pages were created specifically for this attack. Once the malicious code executes on the victim’s machine, Cobalt Strike Beacon is launched and the victim’s system is infected.
“Although we found no evidence of attackers using real social media profiles, since all accounts were created specifically for this attack, nothing stops the threat actor from abusing the various mechanisms available on these platforms. For example, a series of malicious content can be posted in the comments section of legitimate users’ posts,” said Maxim Starodubov, Head of the Malware Analyst Team at Kaspersky, in a statement on Monday (4/8).
“Threat actors use increasingly complex methods to hide a long-known tool, and it is important to always follow the latest threat developments to stay protected from such attacks,” he continued.
Kaspersky added that the method used to retrieve the download address of the malicious code resembles one observed in the EastWind attack, which is associated with Chinese-speaking actors.
To avoid this kind of attack, Kaspersky offers the following tips to keep organizations safe:
– Track the state of the digital infrastructure and monitor the perimeter continuously.
– Use a proven security solution to detect and block malware embedded in mass e-mail.
– Train staff to raise cyber security awareness.
– Secure the company’s devices with a comprehensive system that detects and blocks attacks at an early stage.
(lom/dmi)