At least a dozen Saudi Arabia government organisations have been targeted by a spear phishing campaign that attempts to steal confidential data, according to Malwarebytes.
The attack originates from an Arabic-language phishing email containing a Word document which, if opened, infects the user’s system before sending the same email and document to other contacts via their Outlook inbox.
The attack leverages social engineering to execute malicious code via a Macro, before stealing information and uploading it to a remote server.
“The payload is embedded in the macro as Base64 code. It uses the certutil program to decode the Base64 into a PE file which is then executed,” writes Malwarebytes.
The binary is coded in .NET and not obfuscated, a method commonly used to obscure an attack payload from inspection by network security systems. The main payload is accompanied by two helper dynamic-link library (DLL) modules, a collection of small programmes used to help run larger programmes on a PC.
“We can see that stolen data is then POSTed to a server at webmail.ecra.gov.sa (Official Saudi Press Agency) although by the time we checked, the server was no longer responding.”
Phishing scams have proved to be some of the most successful and lucrative types of attacks used by cyber criminals and were all the rage in 2016 as the likes of Snapchat and Seagate suffered data breaches as a result.
More recently, some of the world’s biggest organisations including Netflix and McDonald’s have continued to be targeted by phishing attacks, all designed to steal customer or business data.
And it seems that no business is safe. Just this week a group of hackers demanded Apple pay a $75,000 (£60,000) ransom after claiming to have stolen 300 million iCloud accounts, highlighting the dangers of today’s cyber threat landscape.
Are you a cyber security pro? Take our quiz and find out!
After the United States imposes 100 percent tariffs on certain Chinese goods, Europe widens its…
OpenAI strikes deal with Reddit to train its AI tech on user posts and give…
Global spending spree from Microsoft continues, with huge investment for new data centre to drive…
Workforce blow. Newly privatised Toshiba has embarked on a 'revitalisation plan' that will entail the…
European Commission opens an official child safety investigation into Facebook and Instagram-owner Meta Platforms
Hundreds of AI and cloud engineers are being offered relocation out of China by Microsoft,…