The Cyber Security News

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

October 17, 2023

In what is the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray, leveraging the social platform to target critical infrastructure.

Discord, in recent years, has become a lucrative target, acting as fertile ground for hosting malware via its content delivery network (CDN), as well as allowing information stealers to siphon sensitive data off the app and facilitating data exfiltration by means of webhooks.

“The usage of Discord is mainly confined to data stealers and grabbers that everyone can acquire or obtain from the Internet,” Trellix researchers Ernesto Fernández Provecho and David Pastor Sanz explained in a Monday report.


But that could be changing, as the cybersecurity firm said it found evidence of an artifact targeting Ukrainian critical infrastructure. There is currently no proof linking it to a known threat group.

“The potential emergence of APT malware campaigns exploiting Discord’s functionalities introduces a new layer of complexity to the threat landscape,” the researchers noted.

The sample is a Microsoft OneNote file distributed via an email message impersonating the non-profit dobro.ua.

The file, once opened, contains references to Ukrainian soldiers to trick recipients into donating by clicking on a booby-trapped button, resulting in the execution of Visual Basic Script (VBS) designed to extract and run a PowerShell script, which in turn downloads another PowerShell script from a GitHub repository.

For its part, in the final stage, PowerShell takes advantage of a Discord webhook to exfiltrate system metadata.

“The fact that the only purpose of the final payload is obtaining information about the system indicates that the campaign is still in an early stage, which also fits with the usage of Discord as [command-and-control],” the researchers said.

“Having said that, it is vital to emphasize that the actor could deliver a more advanced piece of malware to the compromised systems in the long run by modifying the file saved in the GitHub repository.”

Trellix’s analysis further revealed that loaders such as SmokeLoader, PrivateLoader, and GuLoader are among the most prevalent malware families that use Discord’s CDN to download a next-stage payload, alongside stealers like RedLine, Vidar, Agent Tesla, and Umbral.

On top of that, some of the common malware families that have been observed using Discord webhooks are Mercurial Grabber, Stealerium, Typhon Stealer, and Venom RAT.
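The two abuse patterns described above, a scripting host posting to a Discord webhook in the final stage of the chain and a loader fetching an executable next-stage payload from Discord's CDN, can both be picked out of ordinary web proxy logs. The following is an added example written for this article, not code from Trellix or from the report it summarises. It assumes a constructed, simplified proxy log format (timestamp, process name, method, URL, status, content type, separated by spaces) rather than any vendor's real format, and all sample log lines, webhook IDs, tokens and the GitHub path are made-up placeholders.

```python
"""
Constructed proxy-log triage for two Discord abuse patterns:
  1. POST requests to a Discord webhook URL from a scripting host (the
     exfiltration step of the OneNote -> VBS -> PowerShell chain).
  2. Downloads of executable content from Discord's CDN attachment paths
     (a loader retrieving a next-stage payload).
Log format (an assumption for this example, not a real vendor format):
  <timestamp> <process> <method> <url> <status> <content-type>
"""
import re
from urllib.parse import urlparse

# Webhook execution URLs look like /api/webhooks/<id>/<token>.
WEBHOOK_RE = re.compile(r"^/api/webhooks/\d+/[A-Za-z0-9_-]+")
# CDN attachments look like /attachments/<channel>/<attachment>/<filename>.
CDN_ATTACHMENT_RE = re.compile(r"^/attachments/\d+/\d+/")

DISCORD_API_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# Scripting hosts that have no business executing a Discord webhook.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
EXEC_CONTENT_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
    "application/octet-stream",
}
EXEC_EXTENSIONS = (".exe", ".dll", ".scr")

# Constructed sample log: one benign Discord client call, one webhook POST from
# PowerShell, one benign image fetch, one executable fetched from the CDN, and
# one script download from GitHub (placeholder org/repo).
SAMPLE_LOG = """\
2023-10-16T09:12:01Z Discord.exe GET https://discord.com/api/v9/users/@me 200 application/json
2023-10-16T09:12:05Z powershell.exe POST https://discord.com/api/webhooks/1111111111111111111/PLACEHOLDER_TOKEN_abc123 204 application/json
2023-10-16T09:12:09Z chrome.exe GET https://cdn.discordapp.com/attachments/1/2/photo.png 200 image/png
2023-10-16T09:12:12Z updater.exe GET https://cdn.discordapp.com/attachments/3/4/update.exe 200 application/x-msdownload
2023-10-16T09:12:15Z powershell.exe GET https://raw.githubusercontent.com/example-org/example-repo/main/stage2.ps1 200 text/plain
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, proc, method, url, status, ctype = parts
    u = urlparse(url)
    return {
        "ts": ts,
        "process": proc.lower(),
        "method": method.upper(),
        "host": (u.hostname or "").lower(),
        "path": u.path,
        "status": int(status),
        "content_type": ctype.lower(),
    }


def classify(event):
    """Return a finding name for the event, or None if it matches neither pattern."""
    host, path = event["host"], event["path"]
    if host in DISCORD_API_HOSTS and event["method"] == "POST" and WEBHOOK_RE.match(path):
        # Webhooks are meant to be called by external integrations, so a
        # scripting host executing one is the strongest signal; any other
        # process is still worth a look.
        if event["process"] in SCRIPT_HOSTS:
            return "webhook_exfil_scripting_host"
        return "webhook_post_unusual_process"
    if host in CDN_HOSTS and CDN_ATTACHMENT_RE.match(path) and event["status"] < 400:
        is_exec = event["content_type"] in EXEC_CONTENT_TYPES or path.lower().endswith(EXEC_EXTENSIONS)
        if is_exec:
            return "cdn_hosted_executable_download"
    return None


def triage(log_text):
    """Run classify() over every line; return (finding, process, host+path) tuples."""
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        name = classify(event)
        if name:
            findings.append((name, event["process"], event["host"] + event["path"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The benign Discord client call and the image fetch are deliberately left unflagged, and the GitHub script download is not matched by either rule, which shows the detector keying on the specific Discord paths rather than on the domain alone; a real deployment would add the GitHub raw-content fetch by a scripting host as a separate, lower-confidence rule.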

“The abuse of Discord’s CDN as a distribution mechanism for further malware payloads showcases the adaptability of cybercriminals to exploit collaborative applications for their gain,” the researchers said.

“APTs are recognized for their innovative and focused attacks, and by infiltrating extensively used conversation platforms like Discord, they can proficiently establish long-term footholds inside networks, putting critical infrastructure and sensitive information at risk.”

Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.