A recent cybersecurity report by Securonix identifies a new campaign dubbed SERPENTINE#CLOUD, which utilizes Cloudflare Tunnel subdomains to serve malicious payloads through phishing emails. These emails often contain zipped documents with disguised Windows shortcut files that prompt users to execute them, initiating a sophisticated multi-stage attack. This process involves memory-injected payloads delivered via Python-based loaders, targeting users in the U.S., U.K., Germany, and other regions. This campaign signifies a continuing trend of threat actors adapting their methods and employing legitimate cloud services to facilitate their operations, making detection more challenging for cybersecurity professionals.
The new SERPENTINE#CLOUD campaign exploits Cloudflare Tunnel subdomains to host and deliver malicious payloads through phishing emails, utilizing advanced evasion techniques.
The attack involves a complex method where phishing emails lead to zipped documents containing disguised shortcut files, which trigger a multi-step infection process.
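As an added defender-side example (not code from the Securonix report), the following Python check inspects a zip attachment for the lure described above: Windows shortcut (.lnk) files named to look like documents. The archive it scans is constructed inline; the shortcut header bytes are the documented Shell Link signature, and the document-extension list is an assumption.

```python
"""Flag e-mail attachments matching the SERPENTINE#CLOUD lure: a zip archive
whose entries are Windows shortcut (.lnk) files disguised as documents.
Added example, not Securonix's code; the LNK header check is the documented
Shell Link signature, and the sample archive is constructed below."""
import io
import zipfile

# Every Shell Link (.lnk) file starts with HeaderSize 0x4C followed by the
# ShellLink CLSID 00021401-0000-0000-C000-000000000046 in little-endian form.
LNK_MAGIC = bytes.fromhex("4C000000" "0114020000000000C000000000000046")
DOC_LIKE = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}  # assumed list

def suspicious_entries(zip_bytes: bytes) -> list[dict]:
    """Return one finding per archive member that is a shortcut by content
    or by extension, noting whether its name mimics a document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            head = zf.open(info).read(len(LNK_MAGIC))
            name = info.filename.lower()
            by_magic = head == LNK_MAGIC
            by_ext = name.endswith(".lnk")
            if not (by_magic or by_ext):
                continue
            stem = name[:-4] if by_ext else name
            findings.append({
                "name": info.filename,
                "lnk_by_magic": by_magic,
                "lnk_by_extension": by_ext,
                # "Invoice.pdf.lnk": a document extension sits before .lnk
                "disguised_as_document": any(stem.endswith(e) for e in DOC_LIKE),
            })
    return findings

def build_sample_archive() -> bytes:
    """Constructed lure: one fake shortcut (header only) named like a PDF
    beside a harmless text file, as in the phishing attachments described."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.lnk", LNK_MAGIC + b"\x00" * 32)
        zf.writestr("readme.txt", b"plain text, nothing to see")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in suspicious_entries(build_sample_archive()):
        print(finding)
```

The same check can be run on each attachment at the mail gateway before the archive reaches a user, where a document-named shortcut is reason enough to quarantine.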