Palo Alto Networks Unit 42 researchers have identified a significant uptick in phishing attacks leveraging the StrelaStealer malware, impacting over 100 organizations across the United States and European Union. These campaigns, unveiled in a new report, demonstrate a concerning escalation in cyber threats targeting diverse sectors within these regions.
The attackers employ sophisticated tactics, continually adapting attachment formats to evade detection and maximize their success rate. StrelaStealer, initially disclosed in November 2022, has evolved into a potent tool capable of extracting email login credentials from well-known email clients, posing a serious threat to organizational cybersecurity.
Notably, the malware has been deployed in large-scale campaigns in November 2023 and January 2024, with attackers demonstrating a strategic shift towards sectors including high tech, finance, government, and more. Furthermore, the evolution of StrelaStealer to incorporate enhanced obfuscation and anti-analysis techniques underscores the growing sophistication of cybercriminal operations.
The phishing campaigns associated with StrelaStealer typically commence with spam emails containing attachments, masquerading as legitimate documents or notifications. Upon opening these attachments, victims unwittingly initiate the malware’s payload, leading to the installation of StrelaStealer onto their systems. Once infected, the malware operates stealthily, exfiltrating sensitive data to command-and-control servers controlled by the attackers. This modus operandi reflects the increasing prevalence of highly orchestrated cyber attacks designed to infiltrate and compromise organizational networks for malicious purposes.
