Security News > 2022 > September > Hackers Repeatedly Targeting Financial Services in French-Speaking African Countries

Major financial and insurance companies located in French-speaking nations in Africa have been targeted over the past two years as part of a persistent malicious campaign codenamed DangerousSavanna.

Countries targeted include Ivory Coast, Morocco, Cameroon, Senegal, and Togo, with the spear-phishing attacks heavily focusing on Ivory Coast in recent months, Israeli cybersecurity firm Check Point said in a Tuesday report.

Infection chains entail targeting employees of financial institutions with social engineering messages containing malicious attachments as a means of initial access, ultimately leading to the deployment of off-the-shelf malware such as Metasploit, PoshC2, DWservice, and AsyncRAT. "The threat actors' creativity is on display in the initial infection stage, as they persistently pursue the employees of the targeted companies, constantly changing infection chains that utilize a wide range of malicious file types, from self-written executable loaders and malicious documents, to ISO, LNK, JAR and VBE files in various combinations," the company said.

While attacks in 2021 leveraged macro-laced Microsoft Word documents as lures, the company's decision to block macros in files downloaded from the internet by default earlier this year has led the DangerousSavanna actors to pivot to PDF and ISO files.

NET-based tools, which came disguised as PDF files attached to phishing emails, to retrieve next-stage droppers and loaders from remote servers.

"If one infection chain didn't work out, they changed the attachment and the lure and tried targeting the same company again and again trying to find an entry point," Check Point said.

News URL

https://thehackernews.com/2022/09/hackers-repeatedly-targeting-financial.html