An attack against a telecommunications agency in South Asia began with a simple email that initially appeared to be a standard malicious spam email message.
However, the attached Word document was weaponized using a malicious tool, Royal Road, and was equipped with an exploit for an Equation Editor vulnerability (CVE-2018-0798).
While a payload was unavailable at the time of the investigation, OSINT research points to the Poison Ivy RAT, which FortiGuard Labs has previously highlighted.
Based on analysis, Asian organizations, and potentially some in Mexico, were reconnaissance targets of a threat actor that we believe was also involved in Operation NightScout in 2021.
This threat actor, who uses Chinoxy and PivNoxy in their arsenal, has been active since at least mid-2016.
A Tale of PivNoxy and Chinoxy Puppeteer
