DarkHydrus Uses Open Source Phishery Tool in Middle-East Attacks
The recently detailed DarkHydrus threat group is leveraging the open-source Phishery tool to create malicious documents used in attacks on government entities in the Middle East, Palo Alto Networks warns.
Just weeks ago, the security firm revealed that the actor is employing numerous free or open-source utilities for their malicious purposes. They have leveraged tools such as Meterpreter, Mimikatz, PowerShellEmpire, Veil, and CobaltStrike, as well as a PowerShell-based backdoor called RogueRobin.
With a focus on credential harvesting, the attacker(s) employs spear-phishing emails to deliver malicious Office documents and is using an infrastructure dating back to fall 2017. The malicious documents, which use the attachedTemplate technique, load a template from a remote, attacker-controlled location to prompt users to provide login credentials. The login information is then sent to the attacker’s server.