Ukraine faces another cyberattack: Cobalt Strike deployed via malicious Excel VBA file
Threat actors used a multi-stage malware strategy
Published on June 7, 2024
In the last few years, Ukraine has become the target of sophisticated cyberattacks on critical infrastructure. The latest on the list is an attack aimed at gaining control of the affected systems by deploying Cobalt Strike through a malicious Excel file.
A Fortinet report on the cyberattack, which targets the Microsoft Windows OS, offers valuable insight into the tactics employed by the threat actors and the process of delivering the Cobalt Strike payload to establish communication with the command and control server.
Initially, the threat actors sent a malicious Excel file in Ukrainian and deceived end users into enabling macros. For the uninitiated, Microsoft blocked macros by default in 2022 to prevent such attacks.
Once the macro was enabled, the file took the form of a spreadsheet titled "Amount of budget funds allocated to military units". The macro then deploys a DLL downloader, which first checks for any instances of an active antivirus on the PC and terminates the process. It then goes on to make critical changes to the PC, including downloading the payload, adding system files, and modifying the Registry.
Finally, after a series of other complex changes, the threat actors deploy Cobalt Strike on affected devices!
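Since the chain described above starts with a macro-enabled Excel file, a mail gateway or triage script can flag such attachments before a user is ever asked to enable macros. The following Python sketch is an added example, not code from the Fortinet report or from this article; the function names and the sample workbook it builds are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc compound file header
MACRO_CONTENT_TYPES = (
    b"application/vnd.ms-office.vbaProject",
    b"application/vnd.ms-excel.sheet.macroEnabled.main+xml",
)

def macro_indicators(data: bytes) -> list[str]:
    """Return the reasons an Office file should be treated as macro-capable."""
    if data.startswith(OLE2_MAGIC):
        # Binary formats can carry VBA in internal streams; flag for a full parse.
        return ["legacy OLE2 container (macros possible, needs full parse)"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # OOXML workbooks store compiled VBA in a part named vbaProject.bin.
        findings += [f"VBA project part: {n}" for n in names
                     if n.lower().endswith("vbaproject.bin")]
        if "[Content_Types].xml" in names:
            types = z.read("[Content_Types].xml")
            findings += [f"content type: {t.decode()}"
                         for t in MACRO_CONTENT_TYPES if t in types]
    return findings

def build_sample(with_macro: bool) -> bytes:
    """Constructed workbook skeleton for the demo (not a real document)."""
    main = ("application/vnd.ms-excel.sheet.macroEnabled.main+xml" if with_macro else
            "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/xl/workbook.xml" ContentType="{main}"/></Types>')
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    for label, blob in (("macro", build_sample(True)), ("clean", build_sample(False))):
        print(label, macro_indicators(blob))
```

An empty result only means no macro container was found by these checks; legacy binary files are flagged for deeper inspection rather than cleared.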
The Fortinet report tells us how threat actors deleted all traces of the attack to evade detection. The report says,
Remember, it all started with a harmless-looking Excel file and led to threat actors gaining control of the command and control server. This highlights how a lackadaisical approach on your part when it comes to cybersecurity makes things a lot easier for threat actors. The report sheds light on this aspect as well.
Additionally, the report mentions how Fortinet’s FortiGuard Antivirus detects the malware used in the latest cyberattack targeting Ukraine. These are:
In the recent past, there has been an exponential increase in cyber attacks fueled by the emergence of AI. So, as threat actors employ more advanced techniques to deploy malware, it’s critical that you follow the best cyber hygiene practices and start using an effective antivirus solution.
How do you think one could have prevented the latest cyberattack targeting Ukraine? Share with our readers in the comments section.
Kazim Ali Alvi
Windows Hardware Expert