Threat actors have launched new phishing campaigns spreading the SVCReady malware since April, reports The Hacker News.
Personal computers are being targeted by the SVCReady malware, which underwent several updates last month, through shellcode contained within Microsoft Office document properties, according to a report from HP threat analyst Patrick Schläpfer. Such an approach is in stark contrast with the traditional use of PowerShell or MSHTA for next-stage executable retrieval. One of the attacks also involved the distribution of RedLine Stealer on machines already impacted by SVCReady.
Meanwhile, files used for SVCReady deployment were found to be similar to files used by the TA551 hacking group, also known as Shathak or Hive0106.
"It is possible that we are seeing the artifacts left by two different attackers who are using the same tools. However, our findings show that similar templates and potentially document builders are being used by the actors behind the TA551 and SVCReady campaigns," wrote Schläpfer.
Risk Assessments/Management, Breach, Malware, Vulnerability Management
Novel phishing campaigns spread SVCReady malware