Microsoft services exploited for stealthy malware deployment

Organizations that had already been breached had their infrastructure abused a second time to stage stealthy spear-phishing and malware attacks through Microsoft software-as-a-service tools, including OneDrive, SharePoint, Teams, and Quick Assist, as part of the ongoing VEILDrive attack campaign, according to The Hacker News.

Threat actors using an account belonging to a previously targeted organization, dubbed "Org A", impersonated IT staff and sent Teams messages to employees of a U.S. critical infrastructure entity, dubbed "Org C", asking for remote access to their systems via Quick Assist, an analysis from Hunters revealed. Targets were then lured into downloading a ZIP archive hosted by another victim, dubbed "Org B", that contained the LiteManager remote access tool, along with a second ZIP file carrying Java-based malware that retrieves and executes PowerShell commands.

"This SaaS-dependent strategy complicates real-time detection and bypasses conventional defenses. With zero obfuscation and well-structured code, this malware defies the typical trend of evasion-focused design, making it unusually readable and straightforward," said Hunters researchers.
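As an added illustration (not code from the Hunters report or from SC Media), a small detection routine over process-creation telemetry that flags the lineage described above: PowerShell started by a Java process, and that pattern correlated with a recent Quick Assist launch on the same host. The sample events are constructed; the process image names and the 30-minute correlation window are assumptions.

```python
import datetime as dt
from dataclasses import dataclass

@dataclass
class ProcEvent:
    ts: dt.datetime
    host: str
    image: str         # executable name, lower-case (assumed naming)
    parent_image: str  # parent executable name, lower-case
    cmdline: str

JAVA = {"java.exe", "javaw.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

def java_spawned_powershell(events):
    """Rule 1: a Java process starting PowerShell. Line-of-business Java apps
    rarely do this; the campaign's Java loader does exactly that."""
    return [e for e in events if e.image in POWERSHELL and e.parent_image in JAVA]

def correlate_chain(events, window_minutes=30):
    """Rule 2: a Rule 1 hit on a host that saw a Quick Assist launch shortly
    before it. Returns (quickassist_event, powershell_event) pairs by time."""
    window = dt.timedelta(minutes=window_minutes)
    quick_assist = [e for e in events if e.image == "quickassist.exe"]
    hits = []
    for ps in java_spawned_powershell(events):
        for qa in quick_assist:
            if qa.host == ps.host and qa.ts <= ps.ts <= qa.ts + window:
                hits.append((qa, ps))
    return sorted(hits, key=lambda pair: pair[1].ts)

# Constructed sample telemetry (not real logs), shaped like Sysmon Event ID 1 records.
T = dt.datetime(2024, 11, 5, 9, 0)
SAMPLE_EVENTS = [
    ProcEvent(T, "ws01", "quickassist.exe", "explorer.exe", "quickassist.exe"),
    ProcEvent(T + dt.timedelta(minutes=7), "ws01", "java.exe", "explorer.exe", "java.exe -jar update.jar"),
    ProcEvent(T + dt.timedelta(minutes=8), "ws01", "powershell.exe", "java.exe", "powershell.exe -NoProfile"),
    # Rule 1 only (no Quick Assist on ws02): worth triage, but a weaker signal.
    ProcEvent(T + dt.timedelta(hours=5), "ws02", "powershell.exe", "java.exe", "powershell.exe -File build.ps1"),
    # Benign: PowerShell launched interactively from the shell.
    ProcEvent(T + dt.timedelta(minutes=3), "ws03", "powershell.exe", "explorer.exe", "powershell.exe"),
]

if __name__ == "__main__":
    for qa, ps in correlate_chain(SAMPLE_EVENTS):
        print(f"[{ps.host}] Quick Assist at {qa.ts:%H:%M}, Java->PowerShell at {ps.ts:%H:%M}: {ps.cmdline}")
```

Rule 1 alone will surface the ws02 event; Rule 2 raises ws01 to the top because the Quick Assist session precedes the loader, matching the chain Hunters describes.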
