Hacked internal email accounts have been leveraged by advanced persistent threat operation Blind Eagle to compromise Colombian government agencies with multi-stage malware, reports GBHackers News.

Intrusions commence with the delivery of a spear-phishing email mimicking Colombia's judicial system that included an SVG attachment, which redirected to a bogus web portal that lured targets into downloading a script that facilitated JavaScript file execution, according to Zscaler ThreatLabz researchers. Such action then triggers a file-less attack chain leading to the execution of the Caminho downloader, which loads directly into memory before injecting the open-source C#-based DCRAT malware.

Aside from permitting keylogging and disk access, DCRAT also circumvented Microsoft's Antimalware Scan Interface, a capability absent in other variants of the AsyncRAT payload. Meanwhile, two dozen hosts around the world were discovered to have leaked certificates from the same source as DCRAT, while Dynamic DNS services have also been tapped as part of the campaign.
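The lure in this campaign is an SVG attachment that carries active content and redirects the recipient off to a web portal. A mail gateway can catch that class of attachment before it reaches a mailbox. The following is an added illustration, not code from SC Media, GBHackers or Zscaler ThreatLabz: it inspects SVG attachments of an e-mail for script elements, event-handler attributes and external navigation targets, and returns a deliver/quarantine verdict. The sample message, the sender and recipient addresses, and the two SVG bodies are constructed for the example and do not come from the reported campaign.

```python
"""Mail-gateway triage for SVG attachments (added example, constructed data)."""
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default
from typing import Dict, List
# Stdlib ElementTree is used so the example runs offline; a production gateway
# should parse untrusted XML with defusedxml to blunt entity-expansion attacks.
import xml.etree.ElementTree as ET

# SVG elements that have no place in a benign image attachment.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# Schemes that turn an href into navigation or inline code.
NAV_SCHEME = re.compile(r"(?i)^\s*(https?:|javascript:|data:)")


def _local(qname: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qname.split("}", 1)[-1]


def svg_findings(svg_text: str) -> List[str]:
    """Return a sorted list of reasons this SVG looks like a lure (empty if clean)."""
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # Malformed XML is treated as suspicious rather than silently allowed.
        return [f"parse-error: {exc}"]
    findings = set()
    for el in root.iter():
        name = _local(el.tag)
        if name in ACTIVE_TAGS:
            findings.add(f"active-element:{name}")
        for attr, val in el.attrib.items():
            local_attr = _local(attr)
            if local_attr.lower().startswith("on"):          # onload=, onclick=, ...
                findings.add(f"event-handler:{local_attr}")
            if local_attr == "href" and NAV_SCHEME.match(val):  # href= / xlink:href=
                findings.add(f"external-href:{val[:60]}")
    return sorted(findings)


def triage_message(raw: bytes) -> Dict[str, List[str]]:
    """Map each SVG attachment filename in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=default)
    report: Dict[str, List[str]] = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        is_svg = part.get_content_type() == "image/svg+xml" or name.lower().endswith(".svg")
        if is_svg:
            data = part.get_payload(decode=True) or b""
            report[name] = svg_findings(data.decode("utf-8", errors="replace"))
    return report


def verdict(report: Dict[str, List[str]]) -> str:
    """Quarantine if any SVG attachment produced a finding, otherwise deliver."""
    return "quarantine" if any(report.values()) else "deliver"


def build_sample_eml(svg_bytes: bytes, filename: str) -> bytes:
    """Constructed sample message with one SVG attachment (hypothetical addresses)."""
    msg = EmailMessage()
    msg["From"] = "notificaciones@judicial.example.invalid"
    msg["To"] = "user@agency.example.invalid"
    msg["Subject"] = "Notificacion judicial (constructed sample)"
    msg.set_content("Consulte el documento adjunto.")
    msg.add_attachment(svg_bytes, maintype="image", subtype="svg+xml", filename=filename)
    return msg.as_bytes()


# Constructed SVG bodies: a plain image and a lure with onload redirect, link and script.
BENIGN_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              '<rect width="10" height="10"/></svg>')
LURE_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" '
            'xmlns:xlink="http://www.w3.org/1999/xlink" '
            'onload="window.location=\'https://portal.example.invalid/\'">'
            '<a xlink:href="https://portal.example.invalid/download">'
            '<text x="10" y="20">Abrir documento</text></a>'
            '<script>/* redirect stub */</script></svg>')

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_SVG), ("lure", LURE_SVG)):
        rep = triage_message(build_sample_eml(body.encode(), f"{label}.svg"))
        print(label, verdict(rep), rep)
```

The check is deliberately conservative: a parse failure or any single active element is enough to quarantine, because a legitimate logo or diagram attachment needs none of these constructs. Pairing it with a rule that rewrites or strips SVG attachments from external senders would close the same gap without per-file inspection.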