Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity

Haythem Elmir

We recently came across a campaign targeting a Saudi Arabia Government entity via a malicious Word document which at first reminded us of an attack we had previously described on this blog.

In our previous research, we detailed how an information stealer Trojan was deployed via a Word macro in order to spy on its victims (various parts of the Saudi Government). The stolen information was transmitted back to the threat actors’ infrastructure in encrypted form.

This new threat also uses a macro to infect the target’s computer, but rather than retrieving a binary payload, it relies on various scripts to maintain its presence and to communicate via hacked websites, acting as proxies for the command and control server.

The malicious script fingerprints the victim’s machine and can receive arbitrary commands, which it then executes via PowerShell. In this blog post, we will describe how this threat enters the system and maintains its presence while constantly communicating with its command and control server.
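The execution chain summarised above (a Word macro handing off to PowerShell, with further scripts keeping the foothold alive) is also the most reliable place to catch this kind of intrusion on the endpoint. The following detection logic is an added example, not code from the Malwarebytes write-up or from this post: it runs over a few constructed process-creation records (field names are modelled on Sysmon Event ID 1 but are assumptions, not a specific product's schema) and flags any Office application spawning a script host, raising the severity when the command line carries the usual hidden-window or encoded-command switches.

```python
"""
Added detection example (not from the original article): flag process-creation
events where an Office application spawns a script host, the Word macro ->
PowerShell chain described in the post. Input records are constructed JSON
lines; the field names (ParentImage, Image, CommandLine, ...) are assumptions
modelled loosely on Sysmon Event ID 1, not a real product's exact schema.
"""
import json
import re
from typing import Iterable, List, Optional

# Parent processes that should almost never launch a script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Child processes that indicate script execution was handed off from Office.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line traits that commonly accompany macro-driven script staging.
SUSPICIOUS_ARGS = [
    re.compile(r"(?i)(^|\s)-(e|ec|en|enc|encodedcommand)\s"),   # encoded command
    re.compile(r"(?i)-w(indowstyle)?\s+hidden"),                 # hidden window
    re.compile(r"(?i)-nop(rofile)?\b"),                          # no profile
    re.compile(r"(?i)-ep\s+bypass|executionpolicy\s+bypass"),    # policy bypass
    re.compile(r"(?i)\bIEX\b|Invoke-Expression"),                # eval of fetched text
    re.compile(r"(?i)DownloadString|Net\.WebClient|Invoke-WebRequest"),  # network fetch
]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(event: dict) -> Optional[dict]:
    """Return a finding for one process-creation event, or None if it is benign."""
    parent = _basename(event.get("ParentImage", ""))
    child = _basename(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return None
    cmdline = event.get("CommandLine", "")
    traits = [p.pattern for p in SUSPICIOUS_ARGS if p.search(cmdline)]
    return {
        "time": event.get("UtcTime"),
        "host": event.get("Computer"),
        "chain": f"{parent} -> {child}",
        # Office -> script host alone is worth a look; extra switches make it urgent.
        "severity": "high" if traits else "medium",
        "traits": traits,
    }


def detect(lines: Iterable[str]) -> List[dict]:
    """Parse JSON-lines process events and return all findings in input order."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the whole batch
        finding = score_event(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log: one macro-style PowerShell launch, one benign admin
# script, one Excel -> wscript launch, and one Office child that is not a script host.
SAMPLE_LOG = r'''
{"UtcTime":"2017-09-26 08:12:01","Computer":"WS-01","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -NoP -w hidden -enc QUJD"}
{"UtcTime":"2017-09-26 08:12:05","Computer":"WS-01","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -File C:\\scripts\\backup.ps1"}
{"UtcTime":"2017-09-26 08:13:10","Computer":"WS-02","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\EXCEL.EXE","Image":"C:\\Windows\\System32\\wscript.exe","CommandLine":"wscript.exe C:\\Users\\u\\AppData\\Local\\Temp\\x.vbs"}
{"UtcTime":"2017-09-26 08:14:00","Computer":"WS-03","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE","Image":"C:\\Program Files\\Adobe\\AcroRd32.exe","CommandLine":"AcroRd32.exe doc.pdf"}
'''

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(json.dumps(finding))
```

The parent/child pairing is the stable signal here: the actor can change the script contents, the proxy websites and the encoding, but a macro still has to hand execution to some interpreter, and in a typical office fleet Word or Excel spawning powershell.exe or wscript.exe is rare enough to review every time. The command-line traits only adjust priority; a match with no traits still deserves triage, and a tuned deployment would add the organisation's known-good exceptions (for example a signed internal add-in) to the parent list rather than weakening the rule.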

To read the original article: https://blog.malwarebytes.com/threat-analysis/2017/09/elaborate-scripting-fu-used-in-espionage-attack-against-saudi-arabia-government_entity/
