
"The new SERPENTINE#CLOUD campaign exploits Cloudflare Tunnel subdomains to host and deliver malicious payloads through phishing emails, utilizing advanced evasion techniques."
"The attack involves a complex method where phishing emails lead to zipped documents containing disguised shortcut files, which trigger a multi-step infection process."
A recent cybersecurity report by Securonix identifies a new campaign dubbed SERPENTINE#CLOUD, which uses Cloudflare Tunnel subdomains to serve malicious payloads through phishing emails. These emails typically carry zipped documents containing disguised Windows shortcut files; once a recipient opens one, a sophisticated multi-stage attack begins. The chain delivers memory-injected payloads via Python-based loaders and targets users in the U.S., U.K., Germany, and other regions. The campaign reflects a continuing trend of threat actors adapting their methods and abusing legitimate cloud services to run their operations, which makes detection harder for cybersecurity professionals.
Read at The Hacker News
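The lure described above is a ZIP attachment whose Windows shortcut is disguised as a document. The script below is an added example (not code from Securonix or The Hacker News) showing how a mail gateway or sandbox hook can flag such archives: it inspects every entry for a `.lnk` extension, for a decoy double extension such as `.pdf.lnk`, and for the fixed ShellLink header that every Windows shortcut starts with (0x4C header size followed by the ShellLink CLSID), so a shortcut renamed to hide its extension is still caught. The decoy extension list, the function names, and the in-memory sample archive are assumptions constructed for the example; the header bytes come from the MS-SHLLINK file format.

```python
from __future__ import annotations

import io
import zipfile

# Every Windows shortcut starts with HeaderSize 0x0000004C (little-endian)
# followed by the ShellLink CLSID {00021401-0000-0000-C000-000000000046}.
LNK_MAGIC = bytes.fromhex("4C000000" "01140200" "0000" "0000" "C000000000000046")

# Extensions an attacker would put in front of ".lnk" to make the shortcut
# look like a document (assumed list, extend to taste).
DECOY_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png")


def classify_entry(name: str, head: bytes) -> list[str]:
    """Return the reasons an archive entry looks like a disguised shortcut.

    `name` is the entry's file name inside the archive; `head` is its first
    bytes (at least len(LNK_MAGIC)). An empty list means nothing suspicious.
    """
    lower = name.lower()
    reasons: list[str] = []
    has_lnk_ext = lower.endswith(".lnk")
    has_lnk_header = head.startswith(LNK_MAGIC)

    if has_lnk_ext:
        reasons.append("lnk_extension")
        stem = lower[:-4]  # strip ".lnk" and look for a decoy document extension
        if any(stem.endswith(ext) for ext in DECOY_EXTENSIONS):
            reasons.append("double_extension")

    if has_lnk_header:
        reasons.append("lnk_header")
        if not has_lnk_ext:
            # Shortcut content under a non-.lnk name: the extension was hidden.
            reasons.append("header_name_mismatch")

    return reasons


def scan_archive(zip_bytes: bytes) -> dict[str, list[str]]:
    """Scan a ZIP held in memory and map each flagged entry name to its reasons."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Only the first bytes are needed to check the ShellLink header,
            # so large entries are not fully decompressed.
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            reasons = classify_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample ZIP: a decoy-named shortcut, a benign text file, and
    a shortcut renamed to look like an image (header/name mismatch)."""
    # A ShellLink header is 76 bytes; the magic followed by zero padding is
    # enough to exercise the header check (constructed, not a real shortcut).
    fake_lnk = LNK_MAGIC + b"\x00" * (76 - len(LNK_MAGIC))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2025.pdf.lnk", fake_lnk)
        zf.writestr("readme.txt", b"benign text")
        zf.writestr("photo.jpg", fake_lnk)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_archive(build_sample_archive()).items():
        print(f"FLAGGED {name}: {', '.join(reasons)}")
```

Running the block flags `Invoice_2025.pdf.lnk` (extension, double extension, and header) and `photo.jpg` (shortcut header under an image name) while leaving `readme.txt` alone. Checking the header rather than the name alone is what matters in practice: the name is fully under the sender's control, the first twenty bytes of a shortcut are not.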