Organizations across Taiwan have been targeted by the Silver Fox advanced persistent threat operation in phishing attacks that spread the Gh0st RAT variants Gh0stCringe and HoldingHands RAT. The attacks are part of a campaign involving the Winos 4.0 malware framework that commenced in January, reports The Hacker News.
Silver Fox has used malicious emails purporting to be from business partners or the government to lure targets into opening a malicious PDF attachment. Opening it starts the multi-stage infection sequence that launches HoldingHands RAT, as well as "msgDb.dat," which allows user data gathering and additional module installation, findings from Fortinet FortiGuard Labs showed. Attackers also used phishing emails with PDF attachments redirecting to document download HTM pages to spread Gh0stCringe malware, researchers added. "The attack chain comprises numerous snippets of shellcode and loaders, making the attack flow complex... Across winos, HoldingHands, and Gh0stCringe, this threat group continuously evolves its malware and distribution strategies," said researchers.