Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.
SquirrelWaffle Leverages Malspam to Deliver Qakbot, Cobalt Strike
Threat is spreading widely via spam campaigns, infecting systems with a new malware loader.
SquirrelWaffle is a new malware loader that infects systems using malicious documents delivered via a link in an email message. Threat actors use the malware loader to establish an initial foothold onto systems and their network environments. The adversaries can either download additional types of malware or further compromise the network, depending on how they choose to monetize the attack. In many cases, SquirrelWaffle is being used to deliver and infect systems with Qakbot and the penetration-testing tool Cobalt Strike.
Beginning in mid-September, Cisco Talos observed malspam campaigns delivering malicious Microsoft Office documents designed to infect systems with SquirrelWaffle. The messages typically contain hyperlinks to malicious ZIP archives hosted on attacker-controlled Web servers. The chart, above, illustrates the volumetric trajectory of these campaigns between Sept. 1 and Oct. 15, 2021. Due to the prevalence of these campaigns, organizations should be aware of how SquirrelWaffle could be used to further compromise corporate networks.
About the Author
You May Also Like