By Asheer Malhotra.

- Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities.
- These maldocs use malicious macros to deliver a multistage and highly modular infection.
- This campaign appears to target military and government organizations in South Asia.
- Network-based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security.

Cisco Talos has recently discovered a new campaign that uses a multistage attack to infect target endpoints with customized Cobalt Strike beacons. Due to the theme of the malicious documents (maldocs) employed, it is highly likely that military and government organizations in South Asia were targeted by this attack.