Microsoft warns that a threat actor identified as DEV-0569, which is well-known for disseminating various malicious payloads, was recently seen updating its delivery techniques.
For the dissemination of malware, DEV-0569 has relied on malicious ads (malvertising), blog comments, phoney forum pages, and phishing links. However, over the past few months, Microsoft has observed that the threat actor has begun using contact forms to distribute phishing links, while choosing to host fake installers on legitimate-looking software download websites and repositories, like GitHub and OneDrive. The adversary still relies on malvertising to spread malware, and in one campaign even developed the strategy by incorporating Google Ads.
Also Read: Challenges in Protecting Critical Infrastructure against Cyber Threats
According to Microsoft, “These methods allow the group to potentially reach more targets and ultimately achieve their goal of deploying various post-compromise payloads.”
Read More: Microsoft Warns of Cybercrime Group Delivering Royal Ransomware, Other Malware
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
