State-sponsored hacking operations have begun leveraging Discord to facilitate cyberattacks against critical infrastructure organizations, as evidenced by an artifact aimed at such entities in Ukraine that was discovered on the instant messaging and VoIP social platform, reports The Hacker News.
Trellix researchers discovered that the artifact, a Microsoft OneNote file sent through an email address impersonating the nonprofit organization Dobro and using donations to Ukrainian soldiers as a lure, enabled the execution of a Visual Basic Script and a pair of PowerShell scripts that exploit a Discord webhook for system metadata exfiltration. While the final payload's targeting of system data suggests an early-stage campaign, threat actors could facilitate more sophisticated malware attacks, according to the report.
"APTs are known for their sophisticated and targeted attacks, and by infiltrating widely used communication platforms like Discord, they can efficiently establish long-term footholds within networks, putting critical infrastructure and sensitive data at risk," said researchers.
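For defenders, the webhook exfiltration step described above can be hunted in web proxy logs. The following is an added example, not code from Trellix or the report: it flags POST requests to Discord webhook endpoints and raises severity when the client is a script host rather than a browser. The log layout, workstation names and user-agent list are assumptions, the sample lines are constructed, and the proxy is assumed to record full URLs.

```python
import re
from urllib.parse import urlsplit

# Hosts that serve Discord webhook endpoints (/api/webhooks/<id>/<token>).
WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/[\w-]+")
# Assumed list of user-agent fragments for script hosts and non-browser clients.
SCRIPT_AGENTS = ("windowspowershell", "powershell/", "winhttp", "curl/", "python-requests")
# Hypothetical log layout: timestamp host method url bytes_out "user-agent"
LOG_LINE = re.compile(r'(\S+) (\S+) (\S+) (\S+) (\d+) "([^"]*)"$')

# Constructed sample lines; IDs and tokens are placeholders, not real webhooks.
SAMPLE_LOG = """\
2023-01-01T09:12:03Z WS-041 POST https://discord.com/api/webhooks/111111111111111111/CONSTRUCTED-token_A 2048 "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.3570"
2023-01-01T09:12:40Z WS-007 GET https://discord.com/channels/@me 0 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/118.0"
2023-01-01T09:13:05Z WS-019 POST https://discord.com/api/v10/webhooks/222222222222222222/CONSTRUCTED-token_B 512 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/118.0"
2023-01-01T09:14:00Z WS-041 POST https://example.com/api/webhooks/1/x 10 "curl/8.4.0"
"""

def is_webhook(url):
    """True when the URL is a Discord webhook endpoint on a known Discord host."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower() in WEBHOOK_HOSTS and bool(WEBHOOK_PATH.match(parts.path))

def redact(url):
    """Webhook tokens are credentials; keep them out of alerts and tickets."""
    return re.sub(r"(/webhooks/\d+/)[\w-]+", r"\1<redacted>", url)

def find_webhook_posts(lines):
    """Return (host, severity, redacted_url) for every POST to a Discord webhook."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than guess at fields
        _ts, host, method, url, _sent, agent = m.groups()
        if method != "POST" or not is_webhook(url):
            continue
        agent = agent.lower()
        # An empty or script-host user agent is unusual for webhook traffic from a desktop.
        scripted = not agent or any(s in agent for s in SCRIPT_AGENTS)
        findings.append((host, "high" if scripted else "review", redact(url)))
    return findings

if __name__ == "__main__":
    for finding in find_webhook_posts(SAMPLE_LOG.splitlines()):
        print(finding)
```

Browser-originated webhook posts are marked "review" rather than dropped, since a user agent string is client-controlled and only lowers confidence.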
Critical Infrastructure Security, Cloud Security, Threat Intelligence
Discord exploited in nation-state attacks against critical infrastructure