Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts.
The company said that it has “high confidence” that a Vietnamese threat actor is behind the attacks, which aim malicious messages at LinkedIn users who are likely to have admin access to their companies’ Facebook accounts. The threat actor also targets email addresses of potential victims directly.
What makes the attack unique, according to WithSecure, is the infostealer malware component, which is designed specifically to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular. If a victim can be induced to open a malicious link, the malware scans the infected computer for browsers and extracts cookies that indicate authenticated Facebook sessions for use in gaining access to those accounts. Command and control is handled via the Telegram messaging service, using the Telegram Bot system, and private data is also sent back to the hacker in this way.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
