Phishing Campaign Delivers A Double Hitter

A phishing attack is being sent with Word attachments that deliver both the Gandcrab ransomware and Ursnif executable.  This phishing campaign was detected by researchers at Carbon Black, this attack has hit infected systems with a lethal attack combination that harvests credentials, gathers system and process information and afterwards it encrypts data in order to extort payments from victims.

Jared Myers, senior threat researcher for Carbon Black stated “The campaign appears to be ongoing, as we are seeing additional payloads being posted on pastebin.com that are almost identical to the payloads that were leveraged to data extracted from our analysis of these samples.”

The Attack

The initial phishing emails included a Microsoft Word document that delivers the early stages of the attack. “The overall attack leverages several different approaches, which are popular techniques amongst red-teamers, espionage-focused adversaries and large-scale criminal campaigns,” said Carbon Black researchers in a Thursday analysis. Read More


Discover more from Patrick Domingues

Subscribe to get the latest posts to your email.

author avatar
Patrick Domingues

Leave a Comment

Stay Informed

Receive instant notifications when new content is released.