Cobalt cybercrime gang abused Google App Engine in recent attacks
#1
The Cobalt hacking group has been using Google App Engine to distribute malware through PDF decoy documents. The group targeted more than 20 other government and financial institutions worldwide.
 
The Cobalt crime gang is a Russian hacking crew that has been active since at least 2016. It targeted banks worldwide, leveraging spear-phishing emails to compromise target systems; the emails were spoofed to appear to come from financial institutions or a financial supplier/partner.
 
In August, security experts from Netscout’s ASERT uncovered a campaign carried out by the group that targeted the NS Bank in Russia and Carpatica/Patria in Romania.
 
Recently the hacking crew leveraged URL redirection in PDF decoy documents to deliver malicious payloads to the victims. The threat actors used HTTPS URLs that point to Google App Engine; with this technique, the attackers attempt to trick the victim into believing they are accessing a resource from Google.
 
Attackers used specially crafted PDF documents, created with Adobe Acrobat 18.0, that contained the malicious URLs in a compressed form.
 
“Most of the PDF’s we observed were created using Adobe Acrobat 18.0. They contained the malicious URL in a compressed form in the PDF stream using Flat Decode (Filter/FlateDecode).” reads the analysis published by Netskope.

For : http://www.cyberdefensemagazine.com/coba...t-attacks/
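For mail-gateway or sandbox triage of the technique described in the post above, the following is an added example (not part of the original post and not Netskope's tooling): it inflates every `/FlateDecode` stream in a PDF, pulls out `/URI` link actions, and reports those hosted on Google App Engine together with any URL carried in the query string. The App Engine host list, the regex-based stream scan, and the constructed sample (including its `/r?next=` path and `example.invalid` target) are assumptions made for illustration.

```python
import re
import zlib
from urllib.parse import parse_qsl, urlparse

# Assumption: hostnames treated as Google App Engine front ends for triage.
APP_ENGINE_HOSTS = {"appengine.google.com", "appspot.com"}
# An object's dictionary, then its stream body; never crosses an "endobj".
STREAM_RE = re.compile(
    rb"\bobj\b((?:(?!endobj).)*?)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Literal-string value of a /URI action, allowing backslash escapes.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def inflate_streams(pdf_bytes):
    """Yield the inflated body of every stream that declares /FlateDecode."""
    for dictionary, body in STREAM_RE.findall(pdf_bytes):
        if b"/FlateDecode" not in dictionary:
            continue
        try:
            # decompressobj tolerates a truncated tail and returns what inflates.
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            continue  # not valid zlib data; skip this stream


def app_engine_links(pdf_bytes):
    """Return [(uri, [URLs carried in its query string])] for App Engine links."""
    findings = []
    for blob in [pdf_bytes, *inflate_streams(pdf_bytes)]:
        for raw in URI_RE.findall(blob):
            uri = raw.decode("latin-1")
            parts = urlparse(uri)
            host = (parts.hostname or "").lower()
            if host in APP_ENGINE_HOSTS or host.endswith(".appspot.com"):
                targets = [v for _, v in parse_qsl(parts.query)
                           if v.lower().startswith(("http://", "https://"))]
                findings.append((uri, targets))
    return findings


def constructed_sample():
    """Constructed PDF fragment: one link action hidden in a Flate stream."""
    link = (b"<< /S /URI /URI (https://appengine.google.com/r"
            b"?next=https%3A%2F%2Fexample.invalid%2Fdoc) >>")
    body = zlib.compress(link)
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n2 0 obj\n"
    dictionary = b"<< /Filter /FlateDecode /Length %d >>\n" % len(body)
    return head + dictionary + b"stream\n" + body + b"\nendstream\nendobj\n%%EOF\n"
```

A finding whose second element is non-empty is a link that lands on a Google-owned host but carries a different destination in its query string, which is worth routing to an analyst or URL reputation check before delivery.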