March 25, 2024 at 10:18AM
Summary: Over 100 US and EU organizations have been targeted in recent phishing campaigns distributing the StrelaStealer malware, which harvests credentials from email clients. Palo Alto Networks reports multiple large-scale campaigns with varying techniques, targeting high-tech, finance, legal, government, and other sectors. The evolving malware aims to evade security detection.
Based on the meeting notes, it is clear that there has been a concerning increase in large-scale phishing campaigns targeting over 100 organizations in the US and EU with the StrelaStealer malware. The malware, first documented in November 2022, has been actively harvesting credentials from various email clients and sending them to an attacker-controlled command-and-control server.
Palo Alto Networks has identified multiple large-scale campaigns over the past five months, with the attackers launching waves of emails targeting North American and European regions, particularly in the high-tech sector, finance, professional and legal services, manufacturing, government, utilities and energy, insurance, and construction industries.
Notably, the recent attacks involved a change in attachment type preference, utilizing a ZIP attachment containing a JScript file designed to drop the final payload in the form of a DLL. These attacks also feature updated obfuscation techniques, likely aimed at evading detection by security vendors.
The attackers behind StrelaStealer remain persistent in their activities, continuously updating both the email attachment and the DLL payload to prevent detection by security vendors. This necessitates heightened vigilance and strong security measures to counter such evolving threats.
These findings align with broader trends in the cybersecurity landscape, such as the decline in ransomware attacks and the rise of infostealers and AI threats, as reported by IBM X-Force. Additionally, it’s worth noting that similar infostealers have been reported targeting businesses, underscoring the significance of addressing these evolving threats proactively.