When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Unidentified attackers
The victims and their companies are carefully selected to broaden the impact of the campaign.
Some of the identified targets manage key infrastructure in the U.S, the researchers said.
This attachment leads to an SVG file that downloads obfuscated JavaScript and PowerShell scripts.
There were more than 300 unique samples of the loader identified in the same timeframe.
Each version has minor changes in code structure, obfuscation, variable names, and values.
The domains follow a specific structure, the researchers explained.
They are in the top TLD, use eight random characters, and are registered in Nicenic.net.
They use South Africa for the country code, and are all hosted on DigitalOcean.
Apparently, the hackers made quite the effort to obfuscate the malware samples.
ViaBleepingComputer
