Kaspersky reports that a new malware called SharkLoader is being used to deploy Cobalt Strike in cyber attack campaigns. The campaign targets various sectors in multiple countries, giving it a global reach, and is potentially linked to a Chinese-speaking threat actor.
A recently identified cyber campaign employs a new malware strain named SharkLoader. This malware acts as a loader to deploy Cobalt Strike Beacon on compromised systems, indicating an escalation in effective cyber-attack methodologies.
Kaspersky identifies the campaign's targets as diverse, including a diplomatic entity in Indonesia and multiple governmental and software development organizations in Taiwan. Other affected countries include Hong Kong, Lebanon, Syria, Colombia, North Macedonia, Nepal, and Serbia, highlighting the campaign's extensive geographical reach.
The operators have exploited several known vulnerabilities, including Exchange Server flaws (CVE-2021-26855) and a path traversal vulnerability in Openfire (CVE-2023-32315). Additionally, a wide range of other vulnerabilities across various platforms have been weaponized to gain access to the systems and deliver the SharkLoader malware.
While no direct links to known threat actors or groups have been established, the use of open-source tools like FScan and Pillager suggests that Chinese-speaking developers may be behind the campaign. This adds to the suspicion regarding the operators' origins and intentions.
The emergence of SharkLoader and its deployment methods represent a high-level threat, utilizing effective exploitation techniques and targeting a wide array of sectors. Organizations should be aware of the vulnerabilities being exploited and strengthen their defenses against such opportunistic attack campaigns.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.