RedX

The SSLoad malware has become one of the main tools in the arsenal of cybercriminals.

Cybersecurity researchers have identified an ongoing cyberattack campaign that uses phishing emails to spread malicious software called SSLoad. The campaign is codenamed FROZEN#SHADOW and includes the use of the Cobalt Strike program and ConnectWise ScreenConnect remote access software.

Experts from Securonix noted that SSLoad is designed for secret penetration into systems, collecting confidential information and transmitting data to operators. The malware installs multiple backdoors and payloads in the victim's system at once to maintain fast access and avoid detection.

Phishing attacks randomly target organizations in Asia, Europe, and the Americas. Emails contain links that lead to downloading a JavaScript file, which triggers the infection chain.

Earlier this month, Palo Alto Networks discovered at least two different methods for distributing SSLoad: one involves using contact forms to embed trap URLs, and the other includes Microsoft Word documents with macro support. In addition, phishing through contact forms is actively used to distribute other malware — Latrodectus.

The JavaScript file ("out_czlrh.js"), launched via "wscript.exe", connects to a network resource and downloads the MSI installer ("slack.msi"), which, in turn, installs SSLoad via "rundll32.exe" and establishes a connection with the management server.

In the initial phase of intelligence using Cobalt Strike, attackers install ScreenConnect, which allows them to remotely monitor the infected host. They then begin collecting credentials and scanning the system for sensitive information.

Researchers have observed that attackers move to other systems on the network, including the domain controller, and eventually create their own domain administrator account. This gives them access to any computer on the network, posing a serious threat to organizations, since identifying and fixing the consequences of an attack can be time-consuming and expensive.
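Added here as a defender-side illustration, not part of RedX's post or the Securonix report: a small Python detection sketch that scores process-creation events for the stages of the chain described above (wscript.exe running a downloaded .js, an MSI installed from a user-writable temp path, rundll32.exe loading a DLL from that kind of path) and flags a host only when several stages appear together. The host names, paths, DLL name and event layout are constructed assumptions; only "out_czlrh.js" and "slack.msi" come from the post.

```python
"""Detection sketch for the SSLoad-style wscript -> MSI -> rundll32 chain.
Events below are constructed samples; field layout is an assumption, not a product schema."""
import re
from collections import defaultdict

# Constructed sample events: (host, image name, command line)
SAMPLE_EVENTS = [
    ("WS01", "wscript.exe", r'wscript.exe "C:\Users\alice\Downloads\out_czlrh.js"'),
    ("WS01", "msiexec.exe", r'msiexec.exe /i "C:\Users\alice\AppData\Local\Temp\slack.msi" /qn'),
    ("WS01", "rundll32.exe", r'rundll32.exe "C:\Users\alice\AppData\Local\Temp\ssl.dll",Start'),
    # Benign noise on a second host: system DLL, and an MSI from an admin deployment share
    ("WS02", "rundll32.exe", r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
    ("WS02", "msiexec.exe", r'msiexec.exe /i "C:\ProgramData\Deploy\app.msi" /qn'),
]

# Paths an ordinary user can write to, where a phishing-delivered file would land
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(downloads|appdata\\local\\temp)\\", re.I)

def indicators(image, cmdline):
    """Return the chain stages a single event matches: script, installer, loader."""
    hits = set()
    img = image.lower()
    if img == "wscript.exe" and re.search(r"\.js\b", cmdline, re.I) and USER_WRITABLE.search(cmdline):
        hits.add("script")        # script host running a .js from a user-writable path
    if img == "msiexec.exe" and re.search(r"\.msi\b", cmdline, re.I) and USER_WRITABLE.search(cmdline):
        hits.add("installer")     # MSI installed from a user-writable path
    if img == "rundll32.exe" and re.search(r"\.dll\b", cmdline, re.I) and USER_WRITABLE.search(cmdline):
        hits.add("loader")        # rundll32 loading a DLL outside system directories
    return hits

def score_hosts(events, min_stages=2):
    """Group stage hits per host; flag hosts with at least min_stages distinct stages.
    Requiring several stages keeps a lone MSI or rundll32 event from alerting on its own."""
    stages = defaultdict(set)
    for host, image, cmdline in events:
        stages[host] |= indicators(image, cmdline)
    return {h: sorted(s) for h, s in stages.items() if len(s) >= min_stages}

if __name__ == "__main__":
    for host, st in score_hosts(SAMPLE_EVENTS).items():
        print(f"{host}: SSLoad-style chain stages {st}")
```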
