Attackers are abusing company website contact forms to deliver malware disguised as non-disclosure agreements, targeting mainly U.S. industrial and technology firms. The campaign relies on a prolonged, credible-looking business exchange with the victim, convincingly named domains, and malware delivered as ZIP archives hosted on Heroku; infrastructure overlaps point to possible links with Russia-aligned cybercriminals. #MixShell #UNK_GreenSec
Keypoints
- The attackers make first contact through the target's own website contact form rather than by unsolicited email, so the lure enters through a channel the organization expects to receive outside inquiries on.
- They pose as business partners and use the NDA pretext to build credibility over an extended exchange before delivering the payload.
- The malware is delivered as ZIP archives hosted on Heroku, a legitimate cloud platform, so the download comes from infrastructure that reputation-based filtering is unlikely to block.
- Targets span manufacturing, semiconductors, biotech, and aerospace, among other industries.
- Some infrastructure overlaps with that of known Russia-aligned cybercriminal groups, suggesting a possible link, though attribution is not confirmed.
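A practical follow-up to the delivery detail above is to hunt proxy logs for ZIP downloads served from Heroku-hosted apps. The script below is an added example written for this page, not code or indicators from the reporting: it assumes a simple space-separated proxy log format, assumes Heroku apps are reached via `*.herokuapp.com` (the platform's default app domain, not a detail from the article), and runs over constructed sample log lines embedded in the block.

```python
"""Added example (not from the article): flag ZIP downloads served from
Heroku-hosted apps in web-proxy logs.

Assumptions (not details from the reporting):
  - log format: timestamp client_ip method url status content_type
  - Heroku apps are reached via *.herokuapp.com
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample proxy log lines; none of these are real campaign artefacts.
SAMPLE_LOG = """\
2025-08-19T14:02:11Z 10.0.4.21 GET https://www.example-vendor.com/index.html 200 text/html
2025-08-19T14:03:40Z 10.0.4.21 GET https://quiet-meadow-12345.herokuapp.com/NDA_Agreement.zip 200 application/zip
2025-08-19T14:05:02Z 10.0.7.8 GET https://docs.example.org/report.pdf 200 application/pdf
2025-08-19T14:06:55Z 10.0.4.21 GET https://calm-river-6789.herokuapp.com/download?id=77 200 application/x-zip-compressed
2025-08-19T14:07:30Z 10.0.9.3 GET https://cdn.example.net/archive.zip 200 application/zip
"""

ZIP_CONTENT_TYPES = {"application/zip", "application/x-zip-compressed"}
# Assumption: the default Heroku app domain. Add custom domains here if known.
SUSPECT_HOST_SUFFIXES = (".herokuapp.com",)

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    url: str
    reason: str


def is_zip(url: str, content_type: str) -> bool:
    """True if the response looks like a ZIP by URL path or by content type.
    Checking both matters: the second sample URL has no .zip extension."""
    path = urlsplit(url).path.lower()
    return path.endswith(".zip") or content_type.lower() in ZIP_CONTENT_TYPES


def host_is_suspect(url: str) -> bool:
    """True if the host is the bare suffix domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s.lstrip(".") or host.endswith(s) for s in SUSPECT_HOST_SUFFIXES)


def find_hits(log_text: str) -> list[Hit]:
    """Return successful ZIP downloads from suspect hosts, in log order."""
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the hunt
        ts, client, _method, url, status, ctype = m.groups()
        if status != "200" or not is_zip(url, ctype):
            continue
        if host_is_suspect(url):
            hits.append(Hit(ts, client, url, f"zip from {urlsplit(url).hostname}"))
    return hits


def clients_by_hit_count(log_text: str) -> dict[str, int]:
    """Group hits per client; a host fetching ZIPs from several Heroku apps
    is a stronger lead than a single download."""
    counts: dict[str, int] = {}
    for h in find_hits(log_text):
        counts[h.client] = counts.get(h.client, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.client} {hit.reason}: {hit.url}")
    print(clients_by_hit_count(SAMPLE_LOG))
```

The ZIP test uses both the URL path and the response content type, because a download endpoint such as `/download?id=77` carries no extension; the host test treats only Heroku's default domain as suspect, so apps behind custom domains would need those domains added to `SUSPECT_HOST_SUFFIXES`. Any hit is a starting point for correlation with the mail or ticketing system that handles contact-form submissions, not a verdict on its own.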
Read More: https://therecord.media/hackers-fake-ndas-malware