A new report from Cisco Talos, the IT provider’s security research team, details how hackers are increasingly using public cloud services like Azure and AWS, eliminating the need to host their own infrastructure.

In particular, the researchers have narrowed down to a Action autumn 2021 that used variants known remote access Trojans distributed and deployed through cloud services. The Remote Administration Tools (RATs) were packed with features that allowed the operator to take control of the victim’s environment and execute arbitrary commands remotely, researchers say.

As with many large-scale cyberattacks, the initial infection vector in this case is a phishing email with a malicious ZIP attachment that, according to Cisco Talos, contains an ISO image with a malicious loader in the form of JavaScript, a Windows batch file, or a Visual Basic script.

When the initial script runs on the victim’s computer, it connects to a download server to download the next stage, which…



Source link

Leave a Reply