Attackers weaponize Microsoft Access documents to execute malicious code

In numerous assertive phishing shots, the financially motivated association UAC-0006 laboriously targeted Ukraine, using ZIP and RAR extensions to spread SMOKELOADER malware. The most current attacks involve emails that carry Microsoft Access files and ZIP archives that, when extended, install weaponized malware on compromised systems, such as RMS and TALESHOT. The government computer emergency reaction team of Ukraine, CERT-UA, observed this unique activation of the financially motivated group UAC-0006.

A brief overview of UAC-0006's recent activities

According to CERT-UA reports, assaulters have established at least two movements to communicate the SMOKELOADER malware as of May 21, 2024. The SmokeLoader malware primarily impacts Windows-based devices. SmokeLoader tries to establish other malware (such as ransomware, cryptominers, or password robbers) on a computer after it has contaminated it. It might also rust files, rob personal data, and cause other issues.

The current attacks contain emails with a ZIP archive that may include the following:

  • The.IMG file includes EXE files.
  • Microsoft Access (ACCDB) records with macros that ensure the PowerShell order to install and establish the EXE file is managed.

As early, as RMS, TALESHOT, and different negative applications are packed into the machine following a main attack that is successful. Several hundred compromised PCs are presently in the bot network. CERT-UA anticipates an expansion in fake through small banking systems soon.

Recommendation

Thus, it is recommended that company managers take notice of the demand to improve the protection of computerized analysis workspaces as soon as possible. This can be done by checking the suggested signs of settlement and confirming that the right policies and security tools are utilized. SOC Prime Platform supplies curated and tested detection algorithms to help defenders prevent attacks linked to the UAC-0006 adversary action described in the most current CERT-UA information.

Search

Recent News

Blog Images

Redis Server infected with new ransomware payload by P2Pinfect

Blog Images

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Blog Images

New Linux Variant Of RansomHub Attacking ESXi Systems

Blog Images

US denies Kaspersky software for purported Russian connections

Blog Images

Malicious search results can lead to the installation of SolarMarker malware

Blog Images

A hacker gained access to Tile's customer support platform in the Life360 breach

Blog Images

ScreenConnect and RDP access were installed to begin the ALPHV ransomware deployment

Blog Images

Source code and internal data from the New York Times have been leaked in 270GB

Blog Images

Bypassing authentication on the Telerik Report Server is possible due to a flaw in the server

Blog Images

A Data-management startup, Tabular, has been acquired by Databricks

Blog Images

Latest cyber attacks replace AutoIt with AutoHotkey by DarkGate Malware

Blog Images

Cryptominer deployed by 8220 Gang exploiting Oracle WebLogic Server flaw

Blog Images

Linux Malware Scanner from Kaspersky released

Blog Images

Palo Alto Networks Firewall zero-day vulnerability exploited by Red Tail Cryptominer

Blog Images

Ransomware attacks shut down Seattle 27 public libraries

Blog Images

Theft of $37 million of cryptocurrency by an Indian national

Blog Images

Cybersecurity Platform Cynet Makes MSPs Rich & Clients Safe

Blog Images

Through gift card fraud, Moroccan cybercriminals steal up to $100K daily

Blog Images

Detect Fake Antivirus Websites Delivering Android & Windows Malware

Blog Images

Encryption and data exfiltration by Ransomhub on industrial control systems

Blog Images

Attackers weaponize Microsoft Access documents to execute malicious code

Blog Images

Hacker claims access to AWS, Azure, MongoDB, and Github API keys

Blog Images

Ransomware attacks launched by the Ikaruz Red Team using LockBit Builder

Blog Images

Fortinet FortiSIEM PoC published on unauthenticated RCE vulnerability

Blog Images

An Exchange Server keylogger steals login credentials from the login page

Blog Images

Laundering $73 Million in Pig Butchering Crypto Scam Arrested by Chinese Nationals

Blog Images

North Korean Hackers Utilize Facebook Messenger in Focused Malware Offensive

Blog Images

Dell Data Breach: Hacker Compromises Customer Phone Numbers and Service Reports

Blog Images

Apple Implements RTKit iOS Zero-Day Fix for Older iPhone Models

Blog Images

OpenAI Unveils GPT-4o: Faster, Enhanced Model Now Available Free for All ChatGPT Users

Blog Images

Proof of Concept (PoC) Unveiled for Severe PuTTY Private Key Recovery Vulnerability

Blog Images

Hackers Breaches Fidelity National Financial to Steal 1.3 Million People’s Data

Blog Images

Hackers Can Install Ransomware on Network-Connected Devices

Blog Images

Alert: Connect Secure Zero-Days Used in Attacks, Says Ivanti

Blog Images

Cisco to Rectify Hazardous Weaknesses Affecting Unity Connection Software

Blog Images

Zeppelin Ransomware Source Code Fetches $500 on the Hacking Forum

Blog Images

Mandiant X Account to be Restored After 6-Hour Cryptocurrency Scam

Blog Images

“Critical Google Cookies” Exploit Allows Persistent Access After Password Reset

Blog Images

Hackers to Use the New DLL Hijacking Technique to Bypass Windows Security

Blog Images

DoJ Fines XCast $10 Million for Large-Scale Illegal Robocall Scheme

Blog Images

Hackers to Breach an Australian State Court Recording Database

Blog Images

The recent Terrapin bug may downgrade the SSH security protocol

Blog Images

Caution: Scam-as-a-Service Allowing the Cybercriminals to Drain Crypto Wallets

Blog Images

Microsoft to Disable MSIX App Installer Protocol Due to Malware Attacks

Blog Images

Darkweb Leaksmas Event Reveals Massive Hacked Data

Blog Images

A Year After the Rockstar Breach, GTA 5 Source Code was Purportedly Published Online

Blog Images

Carbanak Banking Malware Uses New Ransomware Techniques to Resurface

Blog Images

Microsoft Alerts the Defence Sector about a New FalseFont Backdoor

Blog Images

PikaBot Infects Windows-Based Systems with Malicious Search Ads

Blog Images

CISA Asks Manufacturers to Remove Default Passwords to Prevent Cyber Threats

Blog Images

Microsoft Issues a Storm-0539 Warning: Holiday Gift Card Fraud Is Getting Worse

Blog Images

BazaCall Phishing Scammers to Use Google Forms to Fraud People

Blog Images

"Sierra:21" vulnerabilities target Critical infrastructure routers

Blog Images

New MIPS Variant of P2PInfect Botnet aiming at Routers and IoT gears

Blog Images

Kali Linux to Release 2023.4 Version with New Hacking Tools

Blog Images

New Slam Hacks AMD Future Intel CPUs to Steal Sensitive Data

Blog Images

Russian Cybercriminals Are Taking Advantage of MS Outlook Privilege Increase Vulnerability

Blog Images

New BLUFFS Bluetooth attack exposes devices to AiTM (adversaries in-the-middle attacks)

Blog Images

Microsoft Cautions Users to Kremlin-Backed APT28 Benefiting of Outlook Vulnerability

Blog Images

Federal Agencies, "Iran-Affiliated Hackers to Breach Several U.S. States"

Blog Images

Terrorism Of CACTUS Ransomware Attacks

Blog Images

Malware FjordPhantom to Spread Stealthy through Email, and Messaging Apps

Blog Images

Agent Racoon’s Threat On Middle East, Africa, and U.S Organizations

Blog Images

Deal of the Year: Broadcom’s Game-Changing Acquisition of VMware for $61 Billion

Blog Images

US Treasury Sanctions the Sinbad Crypto Mixer Used by N. Korean Hackers

Blog Images

Security Breach: Cyber Criminals to Exploit Browser Extensions to Hack Facebook Accounts

Blog Images

Windows Systems Breached: APT Hacks HrServ Web Shell, Security Alert

Blog Images

Unlocking Cybersecurity Secrets: Bug Hunter GPT’s Latest Responses

Blog Images

New Security Updates Introduced to Firefox 120: A Sneak Peek

Blog Images

Hackers Deploying REMCOS RAT to Exploit Windows SmartScreen Zero-Day Flaws

Blog Images

FEAM Aero Suffers Data Breach Due to LockBit Ransomware Attack

Blog Images

What are expected cybersecurity tips for Black Friday and Cyber Monday in 2023?

Blog Images

TTB Antivirus Achieves Perfect Score of 18/18, Receives AV-Test Verification for the Third Consecutive Time

Blog Images

Vulnerability of D-link Wi-Fi range extender to command injection attacks

Blog Images

MGM Resorts $100 Million Customer Data Stolen in Ransomware Attack

Blog Images

Sony Faces Cyber-Security Breach as Ransomware Group Alleges Successful Intrusion into “All Sony Systems”

Blog Images

TTB Antivirus Recognized as the Best Antivirus for Android by AV-TEST GmbH

Blog Images

Alarm For 1.5m WordPress Sites Users: Threat From Cookie Consent Plugins

Blog Images

The RatMilad Scare- How to Stay Safe?

Blog Images

A New Netflix-Styled App That is Actually a Ransomware

Blog Images

Uber Hacked! Hacker Announces in the Company Slack. Employees Think it is a Joke

Blog Images

This Spine Chilling new Linux Malware is proving to be an Alarm to all the IT Professionals

Blog Images

Why is it important to be secure on the internet today? Twilio Breach and its Customer Data Compromise!!!

Blog Images

Will the new 'BlastDoor' security feature be able to fight iMessage hacks?

Blog Images

All about the 6GHz (6E) Wi-Fi you need to know

Blog Images

US issues warning after Microsoft claims Chinese hackers perpetrating on its mail server program

Blog Images

PDF feature certified prone to cyberattacks

Blog Images

Fake TikTok App and Laptop offers spreading adware

Blog Images

Silver Sparrow attack on over 30000 Macs; here is what we know so far

Blog Images

Akamais Cybercrime Report 2020 is a real lesson; heres a glimpse

Blog Images

Chinese state-backed hacking group targets vaccine makers in India: A report