Cisco Blogs
Share

Attack on Critical Infrastructure Leverages Template Injection

- July 7, 2017 - 0 Comments

Contributors:  Sean Baird, Earl Carter, Erick Galinkin, Christopher Marczewski & Joe Marshall 

Executive Summary

Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro that executes malicious code. In this case, there is no malicious code in the attachment itself. The attachment instead tries to download a template file over an SMB connection so that the user’s credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim’s computer.

<<Read_More>>

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share