Security News > 2024 > April > CoralRaider attacks use CDN cache to push info-stealer malware
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan.
Cisco Talos assesses with moderate confidence that the campaign is a CoralRaider operation, based on similarities in tactics, techniques, and procedures with past attacks attributed to the threat actor.
Hints pointing to CoralRaider include the initial attack vectors, the use of intermediate PowerShell scripts for decryption and payload delivery, and specific methods to bypass User Access Controls on victim machines.
Cisco Talos reports that the latest CoralRaider attacks start with the victim opening an archive containing a malicious Windows shortcut file.
By using the CDN cache as a malware delivery server, the threat actor avoids request delays and also deceives network defenses.
Over 100 US and EU orgs targeted in StrelaStealer malware attacks.
News URL
Related news
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks (source)