Cyble Research and Intelligence Labs has uncovered a highly sophisticated and multi-stage cyberattack campaign targeting manufacturing and government entities in Italy, Finland, and Saudi Arabia, characterized by a shared, modular commodity loader used across different threat actor groups, GBHackers News reports.The attack begins with weaponized documents masquerading as purchase orders, which funnel victims through a meticulously designed four-stage evasion pipeline to bypass traditional security. This pipeline employs advanced obfuscation, steganography to hide payloads in images on legitimate sites, a novel "hybrid assembly" technique that trojanizes open-source GitHub code, and a final process injection into a legitimate Windows utility. The ultimate payloads include powerful information-stealing malware like PureLog Stealer, which harvests browser credentials, cryptocurrency data, and 2FA secrets.CRIL's analysis indicates a shared infrastructure and tradecraft among diverse actors, evidenced by identical loader artifacts and evolving techniques like a novel UAC bypass. This represents a significant, continuously evolving threat ecosystem targeting critical sectors with precision and advanced operational security.
Threat Intelligence, Critical Infrastructure Security, Government security
Sophisticated multi-stage attack targets manufacturing, governments

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



