Threat actors have launched new phishing campaigns spreading the SVCReady malware since April, reports The Hacker News.
Personal computers are being targeted by the SVCReady malware, which underwent several updates last month and is delivered through shellcode stored in Microsoft Office document properties, according to a report from HP Threat Analyst Patrick Schläpfer. This approach is in stark contrast with the traditional use of PowerShell or MSHTA to retrieve next-stage executables. One of the attacks also involved the distribution of RedLine Stealer to machines already impacted by SVCReady.
Meanwhile, files used for SVCReady deployment were found to be similar to files used by the TA551 hacking group, also known as Shathak or Hive0106.
"It is possible that we are seeing the artifacts left by two different attackers who are using the same tools. However, our findings show that similar templates and potentially document builders are being used by the actors behind the TA551 and SVCReady campaigns," wrote Schläpfer.