String of fileless malware attacks possibly tied to single hacker group

Posted on 17-03-2017, by: admin, 0 Comments

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools, and fileless malware techniques might be the work of a single group of hackers.

An investigation started by security researchers from Morphisec into a recent email phishing attack against high-profile enterprises pointed to a group that uses techniques documented by several security companies in seemingly unconnected reports over the past two months.

“During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much-discussed attack campaigns,” Michael Gorelik, Morphisec’s vice president of research and development, said in a blog post. “Based on our findings, a single group of threat actors is responsible for many of the most sophisticated attacks on financial institutions, government organizations, and enterprises over the past few months.”

The Morphisec investigation started with a phishing email that distributed a Microsoft Word document with malicious macros inside. When opened, the document asked the victim to click on the “Enable Content” button in order to view the supposedly protected content. Doing so allowed the malicious embedded code to execute.
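As an added example (not code from the article or from Morphisec's report), this is the kind of detection a defender would run over process-creation telemetry to catch the chain described above: an Office application handing off to PowerShell once a macro is enabled. The field names imitate Sysmon Event ID 1 and the sample events are constructed, not taken from the campaign.

```python
"""Flag process-creation events where an Office application spawns a script
host, the pattern a macro-enabled Word document produces when its embedded
code hands off to PowerShell. Events below are constructed samples with
Sysmon-style field names; they are not real telemetry."""
import re
from typing import Dict, List, Tuple

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe"}
# Command-line traits commonly seen with fileless PowerShell stagers.
SUSPICIOUS_ARGS = [
    (re.compile(r"-(enc|encodedcommand|e)\b", re.I), "encoded command"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-nop|-noprofile", re.I), "no profile"),
    (re.compile(r"downloadstring|iex|invoke-expression", re.I), "download+exec"),
]

def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(event: Dict[str, str]) -> List[str]:
    """Return the reasons an event is suspicious (empty list = not flagged)."""
    reasons: List[str] = []
    parent, child = basename(event["ParentImage"]), basename(event["Image"])
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {child}")
        for pattern, label in SUSPICIOUS_ARGS:
            if pattern.search(event.get("CommandLine", "")):
                reasons.append(label)
    return reasons

def triage(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Pair each flagged event's command line with its reasons."""
    hits = []
    for event in events:
        reasons = score_event(event)
        if reasons:
            hits.append((event["CommandLine"], reasons))
    return hits

# Constructed sample events (placeholder base64, no real payload).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -enc AAAAAAAA"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "cmd.exe /c dir"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Date"},
]
```

Running `triage(SAMPLE_EVENTS)` flags the two Word-spawned PowerShell events and ignores the explorer-spawned cmd.exe; the second Word hit shows why the parent-child relationship, not the command-line flags alone, should carry the alert.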