Security News > 2024 > April > CoralRaider attacks use CDN cache to push info-stealer malware

A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan.
Cisco Talos assesses with moderate confidence that the campaign is a CoralRaider operation, based on similarities in tactics, techniques, and procedures with past attacks attributed to the threat actor.
Hints pointing to CoralRaider include the initial attack vectors, the use of intermediate PowerShell scripts for decryption and payload delivery, and specific methods to bypass User Access Controls on victim machines.
Cisco Talos reports that the latest CoralRaider attacks start with the victim opening an archive containing a malicious Windows shortcut file.
By using the CDN cache as a malware delivery server, the threat actor avoids request delays and also deceives network defenses.
Over 100 US and EU orgs targeted in StrelaStealer malware attacks.
News URL
Related news
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)