Security News > 2024 > April > CoralRaider attacks use CDN cache to push info-stealer malware
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan.
Cisco Talos assesses with moderate confidence that the campaign is a CoralRaider operation, based on similarities in tactics, techniques, and procedures with past attacks attributed to the threat actor.
Hints pointing to CoralRaider include the initial attack vectors, the use of intermediate PowerShell scripts for decryption and payload delivery, and specific methods to bypass User Access Controls on victim machines.
Cisco Talos reports that the latest CoralRaider attacks start with the victim opening an archive containing a malicious Windows shortcut file.
By using the CDN cache as a malware delivery server, the threat actor avoids request delays and also deceives network defenses.
Over 100 US and EU orgs targeted in StrelaStealer malware attacks.
News URL
Related news
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)