Follina suspected state aligned phishing campaign
This campaign masqueraded as a salary increase and utilized an RTF with the exploit payload downloaded from 45.76.53[.]253.
The downloaded Powershell script was base64 encoded and used Invoke-Expression to download an additional PS script from seller-notification[.]live.
This script checks for virtualization, steals information from local browsers, mail clients and file services, conducts machine recon and then zips it for exfil to 45.77.156[.]179.
Featured Resources
blog
Proactive Security in Action: What Real-World Gaps Reveal About Cyber Resilience
Today’s threat actors move fast, and reactive security is no longer enough. Most breaches have a common root cause: a
E-book
10 Cybersecurity Exposures You Can’t Afford to Ignore
Lessons from Real-World Exposure Validation Think your defenses are airtight?Even well-funded, mature security programs can leave dangerous gaps. This eBook
blog
Kubernetes Security Best Practices: Insights from Real-World Attack Simulations
Securing Kubernetes in production environments is more than a checkbox exercise. It’s a continuous battle against sophisticated attack vectors. Research