New AtlasCross hackers use American Red Cross as phishing lure

A new APT hacking group named AtlasCross targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware.

Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated with attacks by the new APT group.

NSFocus reports that the AtlasCross hackers are sophisticated and evasive, preventing the researchers from determining their origin.

"After an in-depth study of the attack process, NSFOCUS Security Labs found that this APT attacker is quite different from known attacker characteristics in terms of execution flow, attack technology stack, attack tools, implementation details, attack objectives, behavior tendency, and other main attribution indicators," explains NSFocus.

"The technical level and cautious attitude shown by this attacker during this activity are also worthy of attention."

AtlasCross attacks begin with a phishing message pretending to be from the American Red Cross, requesting the recipient to participate in a "September 2023 Blood Drive."

These emails contain a macro-enabled Word document (.docm) attachment that urges the victim to click "Enable Content" to view the hidden content.

However, doing so will trigger malicious macros that infect the Windows device with the DangerAds and AtlasAgent malware.

The macros first extract a ZIP archive on the Windows device to drop a file named KB4495667.pkg, which is the DangerAds system profiler and malware loader. A scheduled task named "Microsoft Office Updates" is created to launch DangerAds daily for three days.

DangerAds functions as a loader, assessing the host environment and running built-in shellcode if specific strings are found in the system's username or domain name, an example of AtlasCross's narrow targeting scope.

Eventually, DangerAds loads x64.dll, which is the AtlasAgent trojan, the final payload delivered in the attack.

AtlasAgent is a custom C++ trojan, and its core functions include extracting host and process details, preventing the launch of multiple programs, executing additional shellcode on the compromised machine, and downloading files from the attackers' C2 servers.

Upon first launch, the malware sends information to the attackers' servers, including the local computer name, network adapter information, local IP address, network card info, OS system architecture and version, and a running process list.

The attackers' servers will then respond with commands for AtlasAgent to execute, which can be done using new threads or within one of the existing processes, making it harder for security tools to detect and stop.

Moreover, AtlasAgent supports the following commands:

While NSFocus' report is the first detailing the new hacking group, AtlasCross remains a largely unknown threat that operates on unclear motives and an obscure targeting scope.

The threat actors' selective targeting, custom-made trojans and malware loaders, combined with a preference for discreet infection methods over efficiency, have allowed them to operate undetected for an undefined duration.
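The infection chain above leaves defenders one concrete host artifact: a scheduled task named "Microsoft Office Updates" registered by a Word macro. The Python below is an added illustration, not code from the article or from NSFocus; it runs that check over constructed log lines, and the key=value record layout and the rule that Office applications should not be creating scheduled tasks are assumptions of this example.

```python
import re

# Constructed sample log lines (not from the article or NSFocus). The
# key=value layout is an assumption for this example; it models Security
# event 4698 ("scheduled task created") enriched with the creating process.
SAMPLE_LOGS = [
    'ts=2023-09-05T09:12:01Z event=4698 task="\\Microsoft\\Windows\\WindowsUpdate\\Scheduled Start" proc="C:\\Windows\\System32\\svchost.exe" user=SYSTEM',
    'ts=2023-09-05T09:14:33Z event=4698 task="\\Microsoft Office Updates" proc="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" user=CORP\\jdoe',
    'ts=2023-09-05T09:15:02Z event=4698 task="\\Office Automatic Updates 2.0" proc="C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeC2RClient.exe" user=SYSTEM',
    'ts=2023-09-05T09:15:30Z event=4698 task="\\Adobe Acrobat Update Task" proc="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" user=CORP\\asmith',
    'ts=2023-09-05T09:16:40Z event=4688 proc="C:\\Windows\\System32\\cmd.exe" user=CORP\\jdoe',
]

# Task name used by the AtlasCross macro, as reported in the article.
LURE_TASK_NAME = "microsoft office updates"
# Office applications that have no business registering scheduled tasks;
# a macro running inside them is the usual reason they would (assumption).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# key=value pairs; quoted values may contain spaces and backslashes.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in FIELD_RE.finditer(line)}


def flag_task_creations(lines):
    """Return (ts, task, reason) tuples for scheduled-task creations that match
    the AtlasCross pattern: the lure task name, or any task created by Office."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("event") != "4698":
            continue  # only scheduled-task creation events matter here
        task = rec.get("task", "").strip("\\")
        proc = rec.get("proc", "").rsplit("\\", 1)[-1].lower()
        if task.lower() == LURE_TASK_NAME:
            hits.append((rec["ts"], task, "task name matches AtlasCross lure"))
        elif proc in OFFICE_APPS:
            hits.append((rec["ts"], task, f"scheduled task created by {proc}"))
    return hits


if __name__ == "__main__":
    for hit in flag_task_creations(SAMPLE_LOGS):
        print(hit)
```

The third sample line (a task created by the Click-to-Run updater) is a benign control that the rules leave alone; a real deployment would parse the actual 4698 XML and join the creating process from Sysmon or EDR telemetry.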