The Curious Case of an Excellent Resume
Essential information
- Published
- 04/12/2024 20:55
- Modified
- 04/12/2024 21:38
- Tags
- 2024-12-04 CVE-2023-27532 apt c2 pyramid cloudflared cobalt strike credentials lateral movement more_eggs persistence privilege-escalation skid spicyomelette terra loader
- Related entities
- 1 vulnerabilities (cve), 20 observables, 1 intrusion sets (apt), 26 techniques (mitre), 4 malware
Description
This report details a malicious campaign where the threat actor gained initial access through a resume lure as part of a TA4557/FIN6 operation. The actor employed techniques like abusing legitimate binaries, establishing Cobalt Strike and Pyramid C2, exploiting CVE-2023-27532 for lateral movement, and using Cloudflared for tunneling traffic.