Tag: APThackers

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
Reputation, Resources, Risk, Security

Since Microsoft decided to disable Visual Basic for Applications (VBA) macros by default for Office files received from the internet, threat actors have been forced to adapt their attack chains. According to Cisco Talos, the use of Excel add-in (.XLL) files as an initial attack vector by advanced persistent threat (APT) actors and commodity malware families is now on the rise. Weaponized Office files distributed through spear-phishing emails and other social engineering attacks remain one of the most popular entry points for criminal organizations seeking to run malicious code. Typically, these documents ask the victim to enable macros in order to view seemingly innocent content, only to trigger the malware's stealthy background execution ...
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
Business, Risk, Security

The notorious Lazarus Group subcluster BlueNoroff has been seen incorporating fresh techniques into its playbook to get around Windows Mark of the Web (MotW) protections. In research released today, Kaspersky revealed that this includes the use of the virtual hard disk (.VHD extension) and optical disc image (.ISO extension) file formats as a component of a novel infection chain. Security researcher Seongsu Park stated that "BlueNoroff developed multiple phony domains imitating banks and venture capital firms," adding that the new attack technique was noted in its telemetry in September 2022. ABF Capital, Angel Bridge, ANOBAKA, Bank of America, and Mitsubishi UFJ Financial Group, most of which are based in Japan, are among the fake domains that have been discovered to ...