Seven Days Of The Collect Exfiltrate Sleep Repeat Spin Cycle
Threat actors targeted users in a phishing campaign that delivered a job application themed macro enable document.
If the unsuspecting recipient executed the document and enabled the macro VBS and PowerShell files were created for further compromise of the machine.
The malicious scripts made use of many OS native tools as well as some legitimate open source packages to carry out nefarious tasks.
Scheduled tasks were created to gather system information gather local and domain user account and install a keylogger that was developed from the opensource software AutoHotkey.
Although the attackers successfully acquired access and exfiltrated some collected data the attackers were not seen carrying out further actions on the victim machines.
Featured Resources
blog
CISA Alert – Is Your Organization Exposed?
Cybersecurity is no longer a luxury, it’s a necessity with new threats emerging every day. Every day the Cybersecurity and
blog
2025 Predictions: Finally Solving Fatigue in Security and Operations
Fatigue in security and operations is not just about tired employees, but rather it’s analysts and operations staff that are
blog
How cybersecurity leaders are optimizing their budgets in 2025
2024 was a year that saw some of the biggest and most damaging data breaches in recent history, according to
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe