Advanced Persistent Threat Actors Continue “Pleasantly Surprised”-Themed Spear Phishing to Deliver Remote Access Trojans

March 10, 2017

Advanced persistent threat (APT) cyber actors on 21 and 27 February 2017 sent a variant of Gh0st remote access Trojan (RAT) malware in “Pleasantly Surprised”-themed spear-phishing emails to target e-mail accounts at the following entities, according to two defense technical advisories.  

  • At least one US Department of Education e-mail account.

  • At least three US universities, one of which is also a cleared defense contractor and center of academic excellence.

  • Five US financial institutions.  

  • Four US retailers.

  • One US entertainment company.

  • One US publishing company.

  • Three US insurance providers.

  • At least one US global semiconductor design and manufacturing company.

  • One US online social media and social networking provider.

  • One US online payments system provider.

  • One US health care provider.

  • One US legal services provider.

 

The same APT actors since August 2015 have sent the same Gh0st RAT variant in “Pleasantly Surprised”-themed spear-phishing emails to personnel in critical infrastructure and federal, state, and local government entities, according to separate defense technical advisories.

 

Variants of Gh0st RAT provide attackers with many ways to control a victim’s system, including the ability to create, manipulate, delete, launch, or transfer files; perform screen or audio captures; enable a webcam; list or kill processes; open a command shell; and wipe event logs, according to a private cybersecurity blog.

 

Here are the sending mail headers and information:

 

 
