#cloud-exfiltration

Information security
from Security Magazine
1 week ago

Scattered Spider Targets Financial Sector After Alleged Retirement

Scattered Spider returned, targeting financial services with identity takeover attacks using social engineering, Azure AD resets, lateral movement, cloud exfiltration, and possible ShinyHunters collaboration.
from The Hacker News
1 month ago

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

The digital missive contains a ZIP archive attachment that contains a Windows shortcut (LNK) masquerading as a PDF document, which, when opened, launches the newsletter as a decoy while dropping RokRAT on the infected host. RokRAT is a known malware associated with APT37, with the tool capable of collecting system information, executing arbitrary commands, enumerating the file system, capturing screenshots, and downloading additional payloads. The gathered data is exfiltrated via Dropbox, Google Cloud, pCloud, and Yandex Cloud.
Information security