Threat actors are any malicious entity that initiates violations against an organization's security measures. Let's face it: today almost everyone depends on technology to send and receive information, and threat actors take advantage of that need for constant data transmission with tactics like phishing emails posing as familiar people, such as coworkers or family members. That is just one example of the nefarious activity that can jeopardize the sensitive data of a company or individual; today we look at a group called DarkOxide, which was tracked by CrowdStrike Intelligence.

The DarkOxide group exhibits a very specific set of TTPs that have changed very little in the last two years. Initially, the actor engages with a target through a business-oriented social media platform under the pretext of running a recruiting drive, after which the target is encouraged to download a decoy document allegedly related to a job vacancy (which should already look suspicious). In reality, this file is a malicious executable with a double file extension. The executables in these decoys have used non-standard executable file extensions such as .PIF (program information file) and .SCR (screen saver). Since Windows by default hides the extension for known file types, these files initially appear to be legitimate document files when viewed in Windows File Explorer.
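The double-extension trick described above is easy to triage mechanically once you stop trusting what Explorer shows. The following is an added example, not code from the original post or from CrowdStrike: it splits a filename into its full extension chain and flags names whose real (last) extension is a Windows executable type such as .pif or .scr while an earlier extension mimics a document. The sample filenames are constructed for illustration and are not indicators from the post.

```python
"""Flag filenames that hide a non-standard Windows executable (.pif, .scr, ...)
behind a document-looking extension, as in the DarkOxide recruiting decoys."""
import re

# Windows executes these regardless of how the name reads (assumed list).
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs", "js"}
# Extensions a job-vacancy decoy would plausibly mimic (assumed list).
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf"}


def split_extensions(name):
    """Return the lower-cased extension chain of a filename, e.g.
    'Job_Offer.pdf.scr' -> ['pdf', 'scr']. Directory components and
    trailing whitespace (a common padding trick) are removed first."""
    base = re.split(r"[\\/]", name)[-1].strip().lower()
    parts = base.split(".")
    return parts[1:] if len(parts) > 1 else []


def is_disguised_executable(name):
    """True when the last extension is executable but an earlier extension
    looks like a document, which is all the victim sees once Explorer
    hides the known extension."""
    exts = split_extensions(name)
    if len(exts) < 2 or exts[-1] not in EXECUTABLE_EXTS:
        return False
    return any(e in DOCUMENT_EXTS for e in exts[:-1])


def triage(names):
    """Return the subset of filenames worth an analyst's attention."""
    return [n for n in names if is_disguised_executable(n)]


# Constructed sample names for the demo, not indicators from the post.
SAMPLE_NAMES = [
    "Job_Description.pdf.scr",
    "Vacancy_Details.docx.pif",
    "resume.pdf",
    "setup.exe",
    "notes.txt",
    "Offer Letter.PDF.SCR  ",
]

if __name__ == "__main__":
    for n in triage(SAMPLE_NAMES):
        print("suspicious:", n)
```

Running this over mail-gateway or download logs gives a cheap first filter; plain `setup.exe` is deliberately not flagged, since the point is the disguise, not executables in general.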

To date, the targets of these phishing attacks have included engineering personnel with access to confidential documents and source code, indicating that intellectual property theft is the likely motivation for these operations, and security measures must be taken accordingly. To avoid these types of threats, train your staff and yourself; it is the best thing you can do, since this is not the only threat on the Internet and there are many other cybercriminals besides the DarkOxide group.

More reads:
Mustang Panda group that attacks government entities
SynAck group has released keys for their old ransomware

