Security News > 2024 > April > CoralRaider attacks use CDN cache to push info-stealer malware
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan.
Cisco Talos assesses with moderate confidence that the campaign is a CoralRaider operation, based on similarities in tactics, techniques, and procedures with past attacks attributed to the threat actor.
Hints pointing to CoralRaider include the initial attack vectors, the use of intermediate PowerShell scripts for decryption and payload delivery, and specific methods to bypass User Access Controls on victim machines.
Cisco Talos reports that the latest CoralRaider attacks start with the victim opening an archive containing a malicious Windows shortcut file.
By using the CDN cache as a malware delivery server, the threat actor avoids request delays and also deceives network defenses.
Over 100 US and EU orgs targeted in StrelaStealer malware attacks.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)
- New BunnyLoader Malware Variant Surfaces with Modular Attack Features (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- The Biggest Takeaways from Recent Malware Attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers (source)
- New Latrodectus malware attacks use Microsoft, Cloudflare themes (source)