Cyble researchers have uncovered a sophisticated cyberattack campaign targeting critical sectors in Europe and the Middle East, using advanced obfuscation, a UAC bypass, and stealth techniques to deploy malware. The campaign relies on a shared loader framework used by multiple threat actors to exfiltrate industrial data and steal high-value credentials. #Remcos #KatzStealer
Key points
- The attack campaign targets manufacturing and government sectors in Europe and the Middle East, focusing on Italy, Finland, and Saudi Arabia.
- It uses a unified commodity loader shared by multiple high-capability threat groups to deliver RATs and infostealers.
- The malware delivery involves obfuscation techniques such as steganography, string reversal, Base64 encoding, and abuse of legitimate .NET framework executables.
- An advanced UAC bypass technique is used, allowing the malware to gain elevated privileges by tricking either the system or the user.
- The campaign employs sophisticated evasion methods, including script obfuscation, process hollowing, and reflective loading, to minimise its forensic footprint.
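The summary names string reversal and Base64 encoding among the loader's obfuscation layers. The following is an added analyst-side example, not code from the page or from Cyble's report, showing how to peel such layers off a recovered string during triage. It assumes the layers can be stacked in either order (plain Base64, or Base64 that was reversed after encoding); the sample strings are constructed here for demonstration and are not artefacts from the campaign.

```python
import base64
import binascii
import re

# Constructed samples (not from the campaign): a benign marker string wrapped in
# the two layer types the summary describes, so the peeler can be exercised offline.
PLAIN = "analyst-marker: benign sample payload"
# Layer A: Base64-encode, then reverse the encoded text.
SAMPLE = base64.b64encode(PLAIN.encode()).decode()[::-1]
# Layer B on top of A: a further plain Base64 layer.
DOUBLE = base64.b64encode(SAMPLE.encode()).decode()

B64_RE = re.compile(r"^[A-Za-z0-9+/=]+$")


def try_base64(s):
    """Return the decoded text if s is strictly valid Base64 that yields printable
    UTF-8 text; otherwise return None. The printability check avoids treating
    random bytes as a successful layer."""
    if len(s) % 4 != 0 or not B64_RE.match(s):
        return None
    try:
        raw = base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    if not text.isprintable():
        return None
    return text


def peel(s, max_depth=8):
    """Iteratively strip Base64 and reverse+Base64 layers from s.

    Returns (innermost_text, steps), where steps records the layer types removed
    in the order they were peeled. max_depth bounds the loop so a string that
    keeps decoding into further valid Base64 cannot spin forever."""
    steps = []
    cur = s
    for _ in range(max_depth):
        decoded = try_base64(cur)
        if decoded is not None:
            steps.append("base64")
            cur = decoded
            continue
        # A reversed Base64 string fails strict validation (padding ends up in
        # front), so retry on the reversed text.
        decoded = try_base64(cur[::-1])
        if decoded is not None:
            steps.append("reverse+base64")
            cur = decoded
            continue
        break
    return cur, steps


if __name__ == "__main__":
    for label, sample in (("single layer", SAMPLE), ("two layers", DOUBLE)):
        text, steps = peel(sample)
        print(f"{label}: layers={steps} -> {text!r}")
```

In practice the peeler is run over candidate strings pulled from a decoded script or memory dump; the recorded step list is useful as a detection feature in its own right, since legitimate configuration strings rarely survive more than one decode round as printable text.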
Read More: https://thecyberexpress.com/sophisticated-attack-campaign-loader/