Stealthy Cyber Attacks: LNK Files & SSH Commands Playbook
Essential information
- Published
- 19/12/2024 12:56
- Modified
- 19/12/2024 13:38
- Tags
- 2024-12-19 cyber attacks evasion techniques hackbrowserdata living-off-the-land binaries lnk files powershell rundll32 scp ssh commands
- Related entities
- 5 vulnerabilities (cve), 6 observables, 10 techniques (mitre), 1 malware
Description
This analysis explores a rising trend in cyber attacks where threat actors leverage LNK files and SSH commands as initial infection vectors. The attackers use meticulously crafted shortcut files, often disguised as legitimate documents, to execute commands using Living-off-the-Land Binaries (LOLBins). The report highlights three specific campaigns: one using SCP to download and execute malicious files, another abusing SSH and PowerShell commands to run harmful payloads, and a third combining SSH and CMD commands to load malicious DLLs. These sophisticated techniques aim to bypass traditional security mechanisms and evade detection by exploiting trusted system utilities. The evolving tactics underscore the need for continuous vigilance and adapted security strategies to counter these advanced attack vectors.