MuddyWater Hacker Group Utilizes Legitimate File-Sharing Service to Distribute Malware

Security researchers have recently observed a campaign targeting organizations in the Middle East and nearby regions. According to the report, analysts at Trend Micro identified a campaign that is continuously targeting a range of organizations.


The Trend Micro research team has dubbed the recently detected campaign “Earth Vetala”. The latest findings build on earlier research published by Anomali last month.

During the research, the experts found evidence of malicious activity targeting UAE and Kuwait government agencies using the ScreenConnect remote management tool.

Remote Admin Tools Used

According to the experts, the campaign uses the following legitimate remote admin tools:

ScreenConnect
RemoteUtilities

What was discovered?

After investigating the whole campaign, the analysts uncovered many details; the key points are listed below:

The campaign steals credentials from browsers and mail clients, including Chrome, Chromium, Firefox, Opera, Internet Explorer, and Outlook.
The campaign uses spear-phishing emails, or attached documents with embedded links, pointing to a legitimate file-sharing service.
The main purpose of the campaign is to distribute malicious packages that carry remote admin tools (ScreenConnect and RemoteUtilities) in order to control enterprise systems remotely.
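The two behaviours in the list above, a phishing link to a legitimate file-sharing service and a remote admin tool arriving through that download rather than through a managed install, are what a SOC can actually look for. The following added example (not code from the article, Trend Micro or Anomali) runs two simple heuristics over constructed endpoint process-creation and mail-gateway events: it flags ScreenConnect or RemoteUtilities images executing from user-writable directories, and inbound mail whose links point at a file-sharing domain. The domains, hostnames, paths and event records are constructed samples; the file-sharing domain list is a placeholder for whichever services an organization wants to review rather than block.

```python
"""Added example: detection heuristics for the Earth Vetala tradecraft described above.
All events, domains and paths below are constructed samples, not indicators from the report."""

import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Remote admin tools named in the report, matched case-insensitively against the image name.
# Extend with the vendors' actual binary names in a real deployment.
REMOTE_ADMIN_TOOLS = ("screenconnect", "remoteutilities")

# User-writable staging locations; a managed install lives under Program Files, not here.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(downloads|appdata|desktop|documents)\\", re.I
)

# Placeholder list of legitimate file-sharing services an organization chooses to review.
FILE_SHARING_DOMAINS = {"files.example-share.net", "drop.example-cloud.org"}

URL_HOST = re.compile(r"https?://([^/\s\"'>]+)", re.I)


@dataclass
class Finding:
    rule: str
    detail: str


def check_process_event(ev: Dict[str, str]) -> Optional[Finding]:
    """Flag a remote admin tool launched from a user-writable directory."""
    image = ev.get("image", "")
    name = image.rsplit("\\", 1)[-1].lower()
    if not any(tool in name for tool in REMOTE_ADMIN_TOOLS):
        return None
    if USER_WRITABLE.match(image):
        return Finding(
            "remote-admin-tool-from-user-dir",
            f"{ev.get('host')}: {image} (parent {ev.get('parent')})",
        )
    return None  # same tool under Program Files: indistinguishable from a legitimate install


def check_mail_event(ev: Dict[str, str]) -> Optional[Finding]:
    """Flag inbound mail whose body links to a listed file-sharing domain."""
    if ev.get("direction") != "inbound":
        return None
    hosts = {h.lower() for h in URL_HOST.findall(ev.get("body", ""))}
    hits = sorted(h for h in hosts if h in FILE_SHARING_DOMAINS)
    if hits:
        return Finding(
            "inbound-file-sharing-link",
            f"from {ev.get('sender')} to {ev.get('recipient')}: {', '.join(hits)}",
        )
    return None


def scan(process_events: List[Dict[str, str]], mail_events: List[Dict[str, str]]) -> List[Finding]:
    """Run both heuristics and return every finding, in event order."""
    findings: List[Finding] = []
    for ev in process_events:
        f = check_process_event(ev)
        if f:
            findings.append(f)
    for ev in mail_events:
        f = check_mail_event(ev)
        if f:
            findings.append(f)
    return findings


# Constructed sample telemetry.
PROCESS_EVENTS = [
    {"host": "WS-017", "image": r"C:\Users\alice\Downloads\ScreenConnect.ClientSetup.exe", "parent": "explorer.exe"},
    {"host": "WS-022", "image": r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe", "parent": "services.exe"},
    {"host": "WS-031", "image": r"C:\Users\bob\AppData\Local\Temp\RemoteUtilities_agent.exe", "parent": "WinRAR.exe"},
    {"host": "WS-040", "image": r"C:\Windows\System32\notepad.exe", "parent": "explorer.exe"},
]

MAIL_EVENTS = [
    {"direction": "inbound", "sender": "invoice@external-example.com", "recipient": "finance@corp.example",
     "body": "Please review the statement: https://files.example-share.net/d/abc123"},
    {"direction": "inbound", "sender": "newsletter@vendor.example", "recipient": "it@corp.example",
     "body": "Release notes at https://www.vendor.example/notes"},
    {"direction": "outbound", "sender": "alice@corp.example", "recipient": "partner@other.example",
     "body": "Shared here: https://drop.example-cloud.org/x/42"},
]

if __name__ == "__main__":
    for f in scan(PROCESS_EVENTS, MAIL_EVENTS):
        print(f"[{f.rule}] {f.detail}")
```

Only the staging path and parent process separate the malicious installs from the legitimate ScreenConnect service on WS-022, which is why the process rule returns nothing for an image under Program Files; correlating a file-sharing mail hit with a later remote-tool launch on the recipient's workstation is the higher-confidence signal.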

Technical Analysis


The analysts have detected a spearphishing email supposedly from a ..
