Threat actor abuses Cloudflare tunnels to deliver remote access trojans


Key findings

Proofpoint has observed an increase in malware delivery via TryCloudflare Tunnel abuse.

The activity is financially motivated and delivers exclusively remote access trojans (RATs).

...

While the tactics, techniques and procedures (TTPs) of the campaigns remain consistent, the threat actor does appear to modify different parts of the attack chain to increase sophistication and defense evasion. In recent months Proofpoint has observed campaigns delivering Java-based malware that bundle a JAR and the Java Runtime Environment (JRE) inside a ZIP to ensure the correct software is installed before executing the downloader or dropper. Threat actors are increasingly using WebDAV and Server Message Block (SMB) for payload staging and delivery as the cybercriminal ecosystem continues to experiment with different TTPs.
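For defenders triaging attachments or downloads, the ZIP packaging described above can be checked for directly. The following is an added example, not code from Proofpoint or the original article: it flags an archive that carries a JAR alongside its own Java runtime. The function names, the rule that a JRE is recognized by a `bin/java` launcher, and the sample file names are assumptions made for illustration; legitimate software also ships bundled runtimes, so a hit is a triage signal rather than a verdict.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Launcher binaries whose presence under a bin/ directory suggests a bundled JRE.
JAVA_LAUNCHERS = {"java.exe", "javaw.exe", "java"}


def find_jre_roots(names):
    """Return directories that look like a JRE root, i.e. contain bin/java[w][.exe]."""
    roots = set()
    for name in names:
        p = PurePosixPath(name)
        if p.name.lower() in JAVA_LAUNCHERS and p.parent.name.lower() == "bin":
            roots.add(str(p.parent.parent))
    return roots


def triage_zip(data):
    """Inspect ZIP bytes and report JARs that sit next to a bundled Java runtime."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename.replace("\\", "/")
                 for i in zf.infolist() if not i.is_dir()]
    roots = find_jre_roots(names)
    # JARs under <jre>/lib/ belong to the runtime itself (rt.jar, jrt-fs.jar),
    # so they are excluded from the list of candidate payload JARs.
    lib_prefixes = tuple(("" if r == "." else r + "/") + "lib/" for r in roots)
    jars = [n for n in names
            if n.lower().endswith(".jar") and not n.startswith(lib_prefixes)]
    return {"jre_roots": sorted(roots),
            "payload_jars": sorted(jars),
            "suspicious": bool(roots and jars)}


def build_sample_zip(names):
    """Build an in-memory ZIP with placeholder contents (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder")
    return buf.getvalue()


# Constructed samples: a JAR shipped with its own JRE, and a plain JAR archive.
BUNDLED = build_sample_zip(["invoice/jre/bin/javaw.exe", "invoice/jre/lib/rt.jar",
                            "invoice/app.jar", "invoice/run.bat"])
PLAIN = build_sample_zip(["lib/util.jar", "README.txt"])
```
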
