DarkHydrus Uses Open Source Phishery Tool in Middle-East Attacks

Posted on August 9, 2018 by l33tdawg
Credit: Pentest.blog

The recently detailed DarkHydrus threat group is leveraging the open-source Phishery tool to create malicious documents used in attacks on government entities in the Middle East, Palo Alto Networks warns.

Just weeks ago, the security firm revealed that the actor is employing numerous free or open-source utilities for their malicious purposes. They have leveraged tools such as Meterpreter, Mimikatz, PowerShellEmpire, Veil, and CobaltStrike, as well as a PowerShell-based backdoor called RogueRobin.

With a focus on credential harvesting, the attacker(s) employs spear-phishing emails to deliver malicious Office documents and is using an infrastructure dating back to fall 2017. The malicious documents, which use the attachedTemplate technique, load a template from a remote, attacker-controlled location to prompt users to provide login credentials. The login information is then sent to the attacker’s server.

Tags: Industry News
