Security News > 2023 > September > New AtlasCross hackers use American Red Cross as phishing lure

New AtlasCross hackers use American Red Cross as phishing lure
2023-09-26 15:35

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware.

Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated with attacks by the new APT group.

"After an in-depth study of the attack process, NSFOCUS Security Labs found that this APT attacker is quite different from known attacker characteristics in terms of execution flow, attack technology stack, attack tools, implementation details, attack objectives, behavior tendency and other main attribution indicators," explains NSFocus.

AtlassCross attacks begin with a phishing message pretending to be from the American Red Cross, requesting the recipient to participate in a "September 2023 Blood Drive."

The attacker's servers will then respond with commands for AtlasAgent to execute, which can be done using new threads or within one of the existing processes, making it harder for security tools to detect and stop.

Evasive Gelsemium hackers spotted in attack against Asian govt.


News URL

https://www.bleepingcomputer.com/news/security/new-atlascross-hackers-use-american-red-cross-as-phishing-lure/