Organizations in the Americas, Europe, and Asia have been subjected to the ongoing FROZEN#SHADOW attack campaign that involved the distribution of the stealthy SSLoad malware alongside Cobalt Strike and ConnectWise ScreenConnect software to compromise networks, reports The Hacker News.
Intrusions began with phishing emails carrying links that fetched a JavaScript file. That script triggered execution of an MSI installer, which installed the SSLoad malware before installing Cobalt Strike and ScreenConnect to give the attackers complete remote access to the affected systems, according to a Securonix report. Beyond exfiltrating sensitive system data and user credentials, the threat actors also used these tools to move to other systems on the network and into the targets' Windows domain, the researchers said.
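A defender reading the chain above will want a way to spot its first link in endpoint telemetry: a Windows script host (wscript.exe or cscript.exe) spawning msiexec.exe is rare in normal use and is the hand-off from the JavaScript file to the MSI installer. The block below is an added illustration, not code from the Securonix report or from SC Media; the log lines, process ids and file paths are constructed for the example, and the `pid=... ppid=... image=... cmdline="..."` line format is an assumed simplification of a process-creation event, not any vendor's real format.

```python
"""Heuristic detection for the script-host -> msiexec.exe hand-off described
in the FROZEN#SHADOW summary. Added example; all events below are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed simplified process-creation record (not a real vendor log format).
LINE_RE = re.compile(r'pid=(\d+)\s+ppid=(\d+)\s+image=(\S+)\s+cmdline="(.*)"')

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows script hosts
INSTALLERS = {"msiexec.exe"}                     # Windows Installer service host


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable name, lower-cased for matching
    cmdline: str


def parse_line(line: str) -> Optional[ProcEvent]:
    """Parse one constructed log line; return None for lines that don't match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return ProcEvent(int(m.group(1)), int(m.group(2)),
                     m.group(3).lower(), m.group(4))


def find_script_to_installer_chains(events: List[ProcEvent],
                                    max_depth: int = 3) -> List[Tuple[int, int]]:
    """Return (installer_pid, script_host_pid) pairs where msiexec.exe has a
    script-host ancestor within max_depth generations.  Walking ancestry rather
    than checking only the direct parent catches an intermediate cmd.exe hop."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    hits: List[Tuple[int, int]] = []
    for ev in events:
        if ev.image not in INSTALLERS:
            continue
        ancestor = by_pid.get(ev.ppid)
        depth = 0
        while ancestor is not None and depth < max_depth:
            if ancestor.image in SCRIPT_HOSTS:
                hits.append((ev.pid, ancestor.pid))
                break
            ancestor = by_pid.get(ancestor.ppid)
            depth += 1
    return hits


def describe(events: List[ProcEvent], hits: List[Tuple[int, int]]) -> List[str]:
    """Human-readable alert lines for each detected chain."""
    by_pid = {e.pid: e for e in events}
    return [f"ALERT pid={inst} {by_pid[inst].cmdline!r} descends from "
            f"pid={host} {by_pid[host].cmdline!r}" for inst, host in hits]


# Constructed sample telemetry: one malicious chain (300 -> 400) and one
# benign msiexec.exe launched from explorer.exe (700) that must not alert.
SAMPLE_LOG = r"""
pid=100 ppid=1 image=explorer.exe cmdline="C:\Windows\explorer.exe"
pid=300 ppid=100 image=wscript.exe cmdline="wscript.exe C:\Users\alice\Downloads\invoice.js"
pid=400 ppid=300 image=msiexec.exe cmdline="msiexec.exe /i C:\Users\alice\AppData\Local\Temp\setup.msi /qn"
pid=700 ppid=100 image=msiexec.exe cmdline="msiexec.exe /i C:\Users\alice\Downloads\7zip.msi"
"""

SAMPLE_EVENTS = [e for e in map(parse_line, SAMPLE_LOG.splitlines()) if e]


if __name__ == "__main__":
    for line in describe(SAMPLE_EVENTS, find_script_to_installer_chains(SAMPLE_EVENTS)):
        print(line)
```

The rule is deliberately narrow: it fires only on the script-host ancestry, so a user installing a package from Explorer does not alert. In a real deployment it would be one signal among several (the later installation of a remote-access tool on a host that never had one, or unexpected beaconing after the install, being the others the summary implies).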
"With this level of access, they could get into any connected machine within the domain," the researchers said. "In the end, this is the worst-case scenario for any organization as this level of persistence achieved by the attackers would be incredibly time-consuming and costly to remediate," the researchers added.