Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Unveiling the Agent Tesla Malware Campaign

April 2, 2024
Reading Time: 3 mins read
in Alerts
Unveiling the Agent Tesla Malware Campaign

The cybersecurity landscape faces another significant threat as researchers uncover a recent Agent Tesla malware campaign targeting organizations in the United States and Australia. This sophisticated attack vector utilizes phishing emails masquerading as purchase orders to lure unsuspecting victims into clicking on malicious links embedded within. Once triggered, an obscured Agent Tesla sample, protected by Cassandra Protector, is clandestinely downloaded and executed, enabling the stealthy extraction of keystrokes and login credentials from compromised systems.

Investigations into this nefarious campaign have shed light on the identities of two key cybercriminals: Bignosa, the primary threat actor, and Gods, an accomplice in the malicious activities. These individuals employed a vast email database and multiple servers for Remote Desktop Protocol (RDP) connections and malware dissemination. The meticulous preparation phase preceding the distribution of malicious spam underscores the calculated nature of this operation, indicating a high level of sophistication and organization.

The modus operandi of the “Bignosa” threat actor involves the deployment of two distinct malware campaigns aimed at Australian and US organizations. Phishing emails containing a disguised Agent Tesla attachment (PDF.IMG), shielded by Cassandra Protector, serve as the primary delivery mechanism for the malware payload. Bignosa strategically compromises servers, installs Plesk and RoundCube, and establishes SSH and RDP connections to orchestrate the attacks. Notably, each campaign originates from different servers, leveraging varied geographical locations and connection protocols to evade detection.

Cassandra Protector, a tool utilized by Bignosa to obfuscate code and create executables disguised as ISOs, plays a pivotal role in the malware delivery process. This sophisticated tool offers features such as persistence, anti-virus evasion, and customization, enabling the malware to bypass security measures and persist undetected on infected systems. The collaboration between Bignosa and Gods, facilitated through communication channels like Jabber and TeamViewer, further highlights the coordinated effort behind these malicious activities.

Reference:
  • Agent Tesla Malware Steals Login Credentials From Chrome & Firefox

Tags: Agent TeslaApril 2024AustraliaCHROMECyber AlertCyber Alerts 2024Cyber RiskCyber threatFirefoxGoogleMalwareUnited States
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial