Malware Cluster Bombs: A New Threat

Ophtek, LLC
A new threat actor group called Unfurling Hemlock has been launching malware "cluster bomb" attacks, which have been verified as active in at least 10 countries, with most targets being US-based.
The earliest evidence of these infections dates back to February 2023.
Malware cluster bombs are a new technique in which multiple strains of malware are compressed into cabinet files nested within a malicious executable named WEXTRACT.EXE.
When executed, the malware strains are extracted and run in reverse order, infecting the target device with a cocktail of attacks, including botnets, backdoors, and info stealers.
Unfurling Hemlock is believed to be harvesting sensitive data to sell, and the approach is effective because it increases opportunities for monetization and enhances persistence: if one strain is detected and removed, others may remain.
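The nesting described above leaves a recognizable footprint in process-creation telemetry: one WEXTRACT.EXE spawning further WEXTRACT.EXE stages, each dropping a different payload. The following detection sketch is an added example, not code from the Ophtek post or from any vendor tool; the log records, temp-directory names, and the depth/payload thresholds are all constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed process-creation records: (pid, parent pid, image path).
# Temp-directory names are illustrative, not taken from the post.
SAMPLE_EVENTS = [
    (100, 1,   r"C:\Windows\explorer.exe"),
    (200, 100, r"C:\Users\u\Downloads\WEXTRACT.EXE"),
    (201, 200, r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\WEXTRACT.EXE"),
    (202, 201, r"C:\Users\u\AppData\Local\Temp\IXP001.TMP\WEXTRACT.EXE"),
    (203, 202, r"C:\Users\u\AppData\Local\Temp\IXP002.TMP\stealer.exe"),
    (204, 201, r"C:\Users\u\AppData\Local\Temp\IXP001.TMP\bot.exe"),
    (205, 200, r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\backdoor.exe"),
    (300, 100, r"C:\Users\u\Downloads\WEXTRACT.EXE"),   # single-stage, benign-looking
    (301, 300, r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\setup.exe"),
]

EXTRACTOR = "wextract.exe"  # executable name given in the post


def _name(path):
    return PureWindowsPath(path).name.lower()


def find_cluster_bomb_chains(events, min_depth=2, min_payloads=3):
    """Return outermost WEXTRACT.EXE processes whose subtree nests extractors
    at least min_depth deep or launches at least min_payloads distinct
    non-extractor executables. Thresholds are assumptions, not from the post."""
    image, parent, children = {}, {}, defaultdict(list)
    for pid, ppid, path in events:
        image[pid], parent[pid] = path, ppid
        children[ppid].append(pid)

    def walk(pid, depth):
        # depth counts nested extractors; payloads collects other images run.
        max_depth, payloads = depth, set()
        for child in children[pid]:
            if _name(image[child]) == EXTRACTOR:
                d, p = walk(child, depth + 1)
            else:
                d, p = walk(child, depth)
                p.add(_name(image[child]))
            max_depth, payloads = max(max_depth, d), payloads | p
        return max_depth, payloads

    findings = []
    for pid, path in image.items():
        if _name(path) != EXTRACTOR or _name(image.get(parent[pid], "")) == EXTRACTOR:
            continue  # only report the outermost extractor of a chain
        depth, payloads = walk(pid, 1)
        if depth >= min_depth or len(payloads) >= min_payloads:
            findings.append({"pid": pid, "depth": depth, "payloads": sorted(payloads)})
    return findings
```

On the constructed sample, only the three-stage chain rooted at pid 200 is reported; the single-stage extractor at pid 300 is not.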
To stay safe from malware cluster bombs, it is recommended to:
1) Regularly update and patch all software, including operating systems and applications, using automated patch management tools when possible.
2) Use reputable antivirus and anti-malware software across the network, ensuring they are regularly updated to recognize and handle the latest threats.
3) Conduct regular employee training sessions to help staff recognize phishing attempts, suspicious emails, and other potential threats, and to cover best practices for safe internet use and for reporting suspicious activity.
Employees are the first line of defense, so it is crucial to reduce the likelihood of attacks that succeed through human error.
For more ways to secure and optimize business technology, it is recommended to contact local IT professionals.
Link: https://ophtek.com/malware-cluster-bombs-a-new-threat