
November 16, 2021 - Dozens of Italian manufacturing companies are reportedly victims of a series of hacker attacks that infect computer systems with fake Microsoft Office and Excel documents through a botnet called Dridex.

That is the claim of the cyber security company Yoroi, which explains in a note how these tools are becoming the preferred means for many cybercriminals to inject malware into companies.



It is "an extremely flexible and abused technique by both opportunist actors and APTs, the so-called 'advanced persistent threats' that are headed by well-financed and organized criminal groups and often supported by rogue governments", explains Yoroi.



The company has been closely monitoring the waves of attacks that adopt a new technique: binary libraries loaded directly from Microsoft Excel, in just one click. This emerging dissemination technique takes advantage of XLL files, a special type of file containing a Microsoft Excel application ready to be loaded.



"This method of exploiting Microsoft Office is being silently abused in many waves of attacks around the world, but recently this emerging technique has been used to target Italian manufacturing companies," the company adds in a statement. Yoroi's CERT has been monitoring the new technique since the summer of 2021.



"Already originally observed in sporadic attacks, in the last month criminal actors have begun to abuse the new technique even to the detriment of Italian realities", explains Yoroi.



"The dangerous technique is currently used by the criminal botnet Dridex in the course of large-scale attacks, indicating a potential explosion of this attack technique over the next few months of 2022. Dridex is one of the most dangerous and resistant banking malware in the world, has been exploiting Word and Excel macros since 2010, and its botnet, the network of zombie computers it uses to spread its malicious load, is among the largest known. Attacks from this botnet can lead to a double-extortion ransomware infection, as already happened in April to the detriment of many Italian municipalities in the North-West", adds the company.