New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

2022-09-30 10:20

A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts.

"The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday.

The entry vector for the attack is a phishing email containing a Microsoft Word attachment that employs job-themed lures for roles in the U.S. government and Public Service Association, a trade union based in New Zealand.

Cobalt Strike beacons are far from the only malware samples deployed, for Cisco Talos said it has also observed the usage of the Redline Stealer and Amadey botnet executables as payloads at the other end of the attack chain.

Calling the attack methodology "Highly modularized," the cybersecurity company said the attack also stands out for its use of Bitbucket repositories to host malicious content that serves as a starting point for downloading a Windows executable responsible for deploying the Cobalt Strike DLL beacon.

"Organizations should be constantly vigilant on the Cobalt Strike beacons and implement layered defense capabilities to thwart the attacker's attempts in the earlier stage of the attack's infection chain."

News URL

https://thehackernews.com/2022/09/new-malware-campaign-targeting-job.html

#cobalt #malware