A Website Attacked

SUMMARY :

This report investigates a watering hole attack on a U.S. apartment website that delivered malware by spoofing a fake browser update. The investigation uncovered dozens of other compromised websites from various industries like healthcare, retail, and consumer sites. The compromised sites loaded malicious scripts from external domains, using techniques like iframes, random variable strings, and insertBefore methods. The malware spoofed Chrome, Mozilla, and Edge browser updates to deliver NetSupport malware. Domain registration analysis revealed the actor utilized various registrars, ISPs, and nameservers, prioritizing volume and speed over operational security. The activity shares similarities with the Socgholish threat group.

OPENCTI LABELS :

malware,watering hole,netsupport,spoofing,browser updates,compromised websites


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


A Website Attacked