Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks

The Inception threat group has been observed exploiting the CVE-2017-11882 Microsoft Office memory corruption vulnerability and a PowerShell-based backdoor dubbed POWERSHOWER to attack European targets during October 2018.

Inception has been active since at least 2014, using multiple highly automated malware toolkits to target a vast array of industries and platforms around the world, with a focus on Russian targets.

Inception is also known for using multiple compromised routers from all over the world as proxies to efficiently hide the origin of its attacks, and for automatically removing all traces leading back to the attackers after making the connection to the victim machine.

Inception has used two-stage spear phishing attacks since 2014, with the first stage being an email containing a reconnaissance document designed to automatically fingerprint the victim device.

The first attac...
