APT hacking group AtlasCross targets organizations

Share post:

A new advanced persistent threat (APT) hacking group named AtlasCross has been discovered targeting organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware.

Cybersecurity firm NSFocus identified two previously undocumented trojans, DangerAds and AtlasAgent, associated with attacks by the new APT group.

NSFocus reports that the AtlasCross hackers are sophisticated and evasive, preventing the researchers from determining their origin.

The group’s attacks begin with a phishing email that pretends to be from the American Red Cross, requesting the recipient to participate in a “September 2023 Blood Drive.” The email contains a macro-enabled Word document (.docm) attachment that urges the victim to click “Enable Content” to view the hidden content. Doing so will trigger malicious macros that infect the Windows device with the DangerAds and AtlasAgent malware.

DangerAds functions as a loader, assessing the host environment and running built-in shellcode if specific strings are found in the system’s username or domain name. This suggests that AtlasCross has a narrow targeting scope, focusing on specific organizations or industries. Eventually, DangerAds loads x64.dll, which is the AtlasAgent trojan, the final payload delivered in the attack.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways