Monday, June 27, 2022

New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers

Summary

SafeBreach Labs discovered a new Iranian threat actor using a Microsoft MSHTML Remote Code Execution (RCE) exploit for infecting Farsi-speaking victims with a new PowerShell stealer. The threat actor initiated the attack in mid-September 2021, and it was first reported by ShadowChasing [ 1 ] on Twitter. However, the PowerShell Stealer hash/code was not published and was not included in VirusTotal or other public malware repositories.

SafeBreach Labs analyzed the full attack chain, disc…

Read More

Latest news
Related news