New APT Actor240524 Weaponizing Official Documents To Deliver Malware
A new APT group, dubbed Actor240524, launched a spear-phishing campaign targeting Azerbaijani and Israeli diplomats on July 1, 2024. The attackers used a malicious Word document containing Azerbaijani-language content, disguised as official documentation, to lure victims.
The attack indicates a potential focus on disrupting the Azerbaijan-Israel relationship. The group uses new Trojan programs, ABCloader and ABCsync, to steal sensitive data and relies on various countermeasures to remain undetected.
The attack begins with a phishing document that, upon user interaction, executes embedded VBA code to decrypt a malicious payload and store it as a seemingly benign .log file.
This payload acts as a loader: it performs environment checks, evades analysis, and decrypts additional payloads, including a DLL. It then loads the DLL, establishing a connection to a C2 server for remote command execution and control.
The ABCloader and ABCsync Trojans employ robust anti-analysis measures. Critical components, including strings ...
Copyright of this story solely belongs to gbhackers.