Another new attack tactic that bypasses both Microsoft 365 advanced security (ATP) and default security (EOP) has been spotted.
Avanan researchers have revealed a striking rise in the use of symbolic link (SLK) files against Microsoft 365 users. The threat actors sent an email with an SLK attachment containing a malicious macro that leads to the download and installation of a RAT.
The bottom line is that the attack was highly obfuscated and was specifically designed to bypass a certain security layer of the Microsoft 365 infrastructure. Every file is unique, and no two attachments share the same MD5 hash. However, Gmail users are hopefully secure from this attack, as Google actively blocks it on incoming email.
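Because no two attachments share an MD5 hash, a hash blocklist cannot catch these files, but a mail filter can still flag them by file type. The sketch below is an added example, not code from Avanan or the article: the function names are hypothetical, the sample messages are constructed with benign cell data, and the `ID;` opening record it checks for comes from the SYLK file format itself, not from the page.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

SYLK_MAGIC = b"ID;"  # SYLK (.slk) files open with an ID record


def build_sample(body: bytes, filename: str) -> bytes:
    """Constructed test message with one attachment (benign content only)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(body, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def find_slk_attachments(raw: bytes):
    """Return (filename, md5, reason) for every attachment that looks like SLK."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(".slk"):
            reasons.append("extension")
        # Content check catches SLK data sent under a different extension.
        if data.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(SYLK_MAGIC):
            reasons.append("content")
        if reasons:
            hits.append((name, hashlib.md5(data).hexdigest(), "+".join(reasons)))
    return hits


# Constructed samples: two SLK bodies differing in one cell, one plain text file.
SAMPLE_A = build_sample(b'ID;P\r\nC;Y1;X1;K"row 1"\r\nE\r\n', "invoice_001.slk")
SAMPLE_B = build_sample(b'ID;P\r\nC;Y1;X1;K"row 2"\r\nE\r\n', "invoice_002.txt")
SAMPLE_C = build_sample(b"plain notes\r\n", "notes.txt")

if __name__ == "__main__":
    for raw in (SAMPLE_A, SAMPLE_B, SAMPLE_C):
        print(find_slk_attachments(raw))
```

The two SLK samples produce different MD5 values yet both are flagged, while the plain text attachment is not.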
To Read More: Cyware