by NewEntryHN
68 days ago
He says it mimics what is described here: https://cloud.google.com/blog/topics/threat-intelligence/unc...

Which is basically phishing:

> The meeting link itself directed to a spoofed Zoom meeting that was hosted on the threat actor's infrastructure, zoom[.]uswe05[.]us.

> Once in the "meeting," the fake video call facilitated a ruse that gave the impression to the end user that they were experiencing audio issues.

> The recovered web page provided two sets of commands to be run for "troubleshooting": one for macOS systems, and one for Windows systems. Embedded within the string of commands was a single command that initiated the infection chain.