Over 100 US and EU orgs targeted in StrelaStealer malware attacks

By Bill Toulas, Bleeping Computer

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials.

StrelaStealer was first documented in November 2022 as a new information-stealing malware that steals email account credentials from Outlook and Thunderbird.

One notable characteristic of the malware was using a polyglot file infection method to evade detection from security software.

At the time, StrelaStealer was seen targeting predominately Spanish-speaking users. However, according to a recent report by Palo Alto Networks' Unit42, this has changed as the malware now targets people from the U.S. and Europe.

StrelaStealer is distributed through phishing campaigns that showed a significant uptick in November 2023, some days targeting over 250 organizations in the U.S.

The elevated phishing email distribution volumes continued into 2024, with a significant wave of activity being recorded by Unit42 analysts between late January and early February 2024.

In some days during that period, the attacks in the U.S. surpassed 500, while Unit42 says it has confirmed at least 100 compromises in the country as well as Europe.

The malware operators used English and other European languages to adjust their attacks as needed.

Most targeted entities operate in the 'high tech' space, followed by sectors like finance, legal services, manufacturing, government, utilities and energy, insurance, and construction.


Comments

Post a Comment

Popular posts from this blog

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

Image
By Bill Toulas,  Bleeping Computer Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. Tycoon 2FA was discovered by Sekoia analysts in October 2023 during routine threat hunting, but it has been active since at least August 2023, when the Saad Tycoon group offered it through private Telegram channels. The PhaaS kit shares similarities with other adversary-in-the-middle (AitM) platforms, such as Dadsec OTT, suggesting possible code reuse or a collaboration between developers. In 2024, Tycoon 2FA released a new version that is stealthier, indicating a continuous effort to improve the kit. Currently, the service leverages 1,100 domains and has been observed in thousands of phishing attacks.
Read more

Ransomware gang starts leaking alleged stolen Change Healthcare data

Image
By Lawrence Abrams,  Bleeping Computer The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. In February, Change Healthcare suffered a cyberattack that caused massive disruption to the US healthcare system , preventing pharmacies and doctors from billing or sending claims to insurance companies. The attack was ultimately linked to the BlackCat / ALPHV ransomware operation, who later said they stole 6 TB of data during the attack . After facing increased pressure from law enforcement, the BlackCat gang shut down their operation . This occurred amid claims they were pulling an exit scam by stealing a $22 million Change Healthcare ransom payment from the affiliate who conducted the attack. While Change Healthcare has declined to comment on whether it has paid a ransom, the affiliate known as "Notchy" said they
Read more

Why remote desktop tools are facing an onslaught of cyber threats

Image
By Solomon Klappholz, IT Pro Hackers are increasingly targeting remote desktop tools in their attacks, new research reveals, prompting warnings for enterprises globally In the era of hybrid work, remote desktop tools have become vital business enablers, but due to their pervasiveness on corporate networks they have become a popular entry point for cyber criminals. If successfully exploited, remote access tools can provide hackers with a direct pathway into a system or network, and once access is gained attackers can move laterally within the network, escalating privileges and maintaining persistence. In an investigation into which remote desktop tools are targeted the most, Jonathan Tanner, senior security researcher at Barracuda Networks, explained that remote desktop software poses a particular challenge to IT teams to secure. “Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and
Read more