
CAPTCHAs-ring Targets

We are all familiar with CAPTCHAs: the annoying squiggly letters or muffled sounds that websites use to stop robots or bots. However, these CAPTCHAs are now likely to be used to target people in sophisticated cyberattacks.

Cyber Alert

What’s going on?

  • Microsoft recently found an attack that distributed malicious Excel documents through a site that required users to complete a CAPTCHA. The Excel file contains macros designed to install the GraceWire trojan.
  • The campaign, named Dudear (also known as TA505/SectorJ04/Evil Corp), has been associated with the Chimborazo group.
  • In January this year, the group was found to leverage an IP traceback service to track the IP addresses of machines downloading the Excel file.

How does this work?

  • When the victim opens the HTML attachment, which contains an iframe tag, they are redirected to a site where they download the malicious file, but only after completing the CAPTCHA.
  • Requiring successful completion of the CAPTCHA means the sample can only be analyzed when a human downloads it.
  • Because automated analysis cannot retrieve it, the malicious file can easily stay under the radar.
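
A mail-gateway check for the delivery step described above, as an added example that is not from the original post: it parses a raw e-mail and reports HTML attachments that embed an iframe loading a remote URL. The function names and the sample message (with its example.invalid URL) are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeFinder(HTMLParser):
    """Collects the src attribute of every <iframe> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "iframe" and src:
            self.sources.append(src.strip())

def remote_iframes(html):
    """Return iframe sources that pull content from a remote host."""
    finder = IframeFinder()
    finder.feed(html)
    return [s for s in finder.sources
            if s.startswith("//") or urlparse(s).scheme in ("http", "https")]

def scan_message(raw_bytes):
    """Map each HTML attachment's filename to the remote iframe URLs inside it."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if not (part.get_content_type() == "text/html"
                or name.lower().endswith((".html", ".htm"))):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        hits = remote_iframes(body)
        if hits:
            findings[name] = hits
    return findings

def sample_message():
    """Constructed sample: a mail whose HTML attachment only wraps a remote iframe."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment('<html><body><iframe src="https://example.invalid/dl">'
                       "</iframe></body></html>", subtype="html", filename="invoice.html")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(sample_message()))
```

A hit here is a triage signal for quarantine or manual review, since automated sandboxes cannot follow the CAPTCHA-gated link themselves.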

More about the Threat actors

TA505 is a Russian threat actor, active since 2014. Some of its most notable attacks include:

  • TA505 is also the threat actor behind the Locky ransomware and has been using COVID-19 lures to deliver downloaders to the victims’ systems.
  • Last year, the group was spotted using legitimately signed certificates to disguise malware that can infiltrate banking networks.
  • Dudear has conducted operations in North and South America, Africa, and Asia to target banking customers.
  • Apart from GraceWire, the group also uses the FlawedAmmyy RAT.

Attackers stay ahead of defenders by regularly upgrading their TTPs. This creates a back-and-forth cycle that requires constant attention. More threat actors are expected to change their strategies in the near future to further propagate their campaigns.

Our Thought:

Hackers are not your family members, so be careful of hackers.

- Gyanesh Maurya

3 comments

  1. Oooo
  2. Good content
  3. Super