While the entire world has been dealing with the ongoing pandemic, malicious actors are upgrading their attack methods. They have come up with various new techniques to evade detection and cause maximum damage to essential services and other sectors.

The situation

Last month, several international equipment and software suppliers for the industrial sector were subject to malware attacks. These attacks have garnered high attention due to the various unconventional techniques used by the actors to evade detection.

Victims were located in the U.K., Japan, Germany, and Italy. These suppliers were sent phishing emails, localized to their respective languages, that contained malicious Microsoft Office documents with obfuscated macros.

The attack

The actors used PowerShell scripts, Microsoft Office documents, steganography to hide malicious data, and other techniques that make the malware extremely difficult to identify and analyze. If the localization of the intended victim’s operating system did not match the language in the phishing email, the malware would execute.

Worth noting

  • According to Kaspersky, the attackers’ objective is still unknown.
  • Organizations are advised to restrict macros in MS Office documents and PowerShell script execution wherever possible.
  • Although the target languages varied, the campaigns were similar in that victims were asked to open the phishing emails and enable the active content of the attached document.
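The second point above lists two mitigations without showing how to check them. The following PowerShell script is an added example, not part of the Cyware brief or Kaspersky's report: it audits (and with -Enforce, applies) restrictive Office macro and PowerShell settings via their documented policy registry keys. The Office version (16.0), the application list, and the chosen enforcement values are assumptions to adapt to your estate.

```powershell
# Added example: audit/enforce the two mitigations recommended in the brief,
# restricting Office macros and PowerShell script execution.
# Assumptions: Office 16.0 policy keys, Word/Excel/PowerPoint, per-user scope.
param([switch]$Enforce)

$officeVersion = '16.0'                      # assumption: Office 2016/2019/365
$apps = 'Word', 'Excel', 'PowerPoint'        # assumption: apps in scope
$findings = @()

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    # VBAWarnings: 1 = enable all, 2 = disable with notification (default),
    # 3 = disable except digitally signed, 4 = disable all without notification.
    $vba  = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    $motw = (Get-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
    # A missing value ($null) means the default applies, which still lets users enable macros.
    if ($vba -lt 3)  { $findings += "${app}: macros not restricted (VBAWarnings=$vba)" }
    if ($motw -ne 1) { $findings += "${app}: macros in internet-downloaded files not blocked" }
    if ($Enforce) {
        New-Item -Path $key -Force | Out-Null
        Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
        Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    }
}

# Execution policy is a guardrail rather than a security boundary, so pair it
# with script block logging (Event ID 4104) so obfuscated scripts that do run
# are recorded in their de-obfuscated form.
$policy = Get-ExecutionPolicy -Scope LocalMachine
if ($policy -in 'Unrestricted', 'Bypass', 'Undefined') { $findings += "PowerShell execution policy is $policy" }
$logKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$logging = (Get-ItemProperty -Path $logKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue).EnableScriptBlockLogging
if ($logging -ne 1) { $findings += 'PowerShell script block logging is disabled' }
if ($Enforce) {
    Set-ExecutionPolicy -Scope LocalMachine -ExecutionPolicy AllSigned -Force
    New-Item -Path $logKey -Force | Out-Null
    Set-ItemProperty -Path $logKey -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'All checked macro and PowerShell settings are restrictive.' }
```

Run without -Enforce to audit; -Enforce needs an elevated session for the HKLM keys, and in a managed environment the same values are normally delivered through Group Policy rather than set per host.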

To conclude

This attack is particularly significant due to the various unconventional techniques used. Two of the most interesting features are the use of steganography and the use of an exception message as the decryption key for the malicious payload. These attacks are concerning since harvesting the credentials of contractors might result in a catastrophic chain of negative consequences.
Cyware Publisher