Attackers Target Bangladesh’s Cairo Embassy Website with New Phishing Tactics
Recent reports from Trustwave indicate that attackers have been using new phishing bait tactics to lure users into clicking on malicious links. The website of Bangladesh's embassy in Cairo has been a recent target of these attackers, and researchers report that it was successfully compromised.
Exploiting Government Facility Domains
Research conducted in October 2018 found the CoinImp web miner on the government facility domain, which led the researchers to block it. Just two months later, Trustwave's threat team detected a Microsoft Word document, hosted on the same domain, containing a malicious EPS script. The malicious document exploited a use-after-free vulnerability, known as CVE-2017-0261.
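A document carrying an EPS image is the lure described above, so a defender's first check is whether a Word file contains one at all. The following is an added example, not code from Trustwave's report: it builds a constructed, minimal OOXML package in memory (the part names and content types are assumed, modelled on the .docx layout) and flags any part that is declared or named as EPS, or that carries the PostScript magic bytes under another extension. Legacy binary .doc files are not covered.

```python
import io
import re
import zipfile

# Constructed stand-in for a suspicious .docx (assumed, not a real sample):
# it declares an EPS content type and ships an EPS part under word/media.
SAMPLE_DOCX = {
    "[Content_Types].xml": (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="eps" ContentType="image/x-eps"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        "</Types>"
    ),
    "word/document.xml": "<w:document/>",
    "word/media/image1.eps": "%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n",
}

EPS_NAME_RE = re.compile(r"\.eps$", re.IGNORECASE)
EPS_TYPE_RE = re.compile(r"x-eps|postscript", re.IGNORECASE)
# Extension/ContentType attribute order as Office writes it; other orders are not parsed.
DEFAULT_RE = re.compile(r'Extension="([^"]+)"\s+ContentType="([^"]+)"')
EPS_MAGIC = b"%!PS"


def build_docx(parts):
    """Pack a dict of part name -> text into an in-memory OOXML zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


def find_eps_parts(docx_bytes):
    """Return findings for parts that are EPS by declared type, name or magic bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" in names:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            for ext, ctype in DEFAULT_RE.findall(ctypes):
                if ext.lower() == "eps" or EPS_TYPE_RE.search(ctype):
                    hits.append(f"[Content_Types].xml declares .{ext} as {ctype}")
        for name in names:
            if EPS_NAME_RE.search(name):
                hits.append(name)
            elif name.startswith("word/media/") and zf.read(name)[:4] == EPS_MAGIC:
                hits.append(name)  # PostScript content hiding behind another extension
    return hits
```

Any non-empty result is grounds to quarantine the file for closer analysis rather than open it; a clean return only means no EPS part was found by these three checks.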
Low Detection Rates and Control Over the Website
Although detection rates for the malicious page were low, researchers discovered that when attempting to access various webpages on the embassy’s website, they were prompted to save a file instead. This behavior indicated that malicious actors had gained control over the embassy’s website.
Unresponsiveness and Ongoing Infection
Despite efforts to alert the owner of the compromised domain to the infection, researchers received no response. As of the time of publishing, the site remains infected with malicious content. Analysis revealed that the file had been modified in October 2018, suggesting that the attackers may have targeted the site after running a wider infection campaign.
Exploiting Vulnerabilities and Dropping Payloads
The malicious file exploits the vulnerability CVE-2017-7255, allowing for privilege escalation and the execution of the main payload, known as the Godzilla loader. After establishing communication with the command-and-control server, additional executables can be dropped by the attacker. In this instance, researchers identified an additional downloader delivering a cryptominer payload.
It is crucial for organizations to stay vigilant against evolving phishing tactics and regularly update their security measures to protect against such threats.