A threat actor that is relatively new to the scene relies on open-source tools for spear-phishing attacks designed to steal credentials from government and educational institutions in the Middle East. The group is being tracked as DarkHydrus by researchers at Palo Alto Networks Unit 42, who observed it using Phishery in a recent credential harvesting attack.
Following this news, Maor Hizkiev, CTO and Co-founder of BitDam, said:
“Using open-source tools is a smart move by attackers, because it saves development time and effort, and when they get caught they don’t lose any proprietary ammunition, making the discovery of the attack cheap for them.
“This method is not new and was used before in ransomware attacks and other malware like BlackEnergy, which was known to attack power grids. In any case, a user should be alerted whenever an attachment behaves out of the ordinary – for example, asking for credentials when opening a document from outside the organisation is not something that regularly happens and should be avoided.”
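The out-of-the-ordinary behaviour Hizkiev points to, a document that prompts for credentials as soon as it is opened, can be checked for before the attachment ever reaches a user. An Office document is a zip of XML parts, and any relationship marked `TargetMode="External"` with an `http`, `https`, `file` or UNC target is a place where Word will reach out to another host; for relationship types that resolve on open (an attached template, for instance, which is the mechanism the Phishery tool uses and which this article does not itself describe), a server answering with an HTTP authentication challenge is what produces the credential prompt. The following scanner is an added example written for this page, not code from Unit 42, BitDam or the Phishery project. It builds three constructed `.docx` files in memory (clean, hyperlink only, remote template), lists every external relationship, and separates click-only hyperlinks from targets fetched automatically. The `AUTO_FETCH_SUFFIXES` list and the `example.invalid` URLs are assumptions made for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
WORD_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Relationship types Word resolves without user interaction when the file is
# opened (assumed list for this example; extend it for your environment).
AUTO_FETCH_SUFFIXES = ("/attachedTemplate", "/oleObject", "/image", "/frame")


def build_docx(rels_by_part):
    """Construct a minimal OOXML package in memory (constructed test data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   "<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>")
        z.writestr("word/document.xml",
                   "<w:document xmlns:w='http://schemas.openxmlformats.org/wordprocessingml/2006/main'>"
                   "<w:body/></w:document>")
        for part, rels in rels_by_part.items():
            root = ET.Element("Relationships", xmlns=REL_NS)
            for rid, rtype, target, external in rels:
                attrs = {"Id": rid, "Type": rtype, "Target": target}
                if external:
                    attrs["TargetMode"] = "External"
                ET.SubElement(root, "Relationship", attrs)
            z.writestr(part, ET.tostring(root, encoding="unicode"))
    return buf.getvalue()


def classify(rtype):
    """Does Word follow this relationship on open, or only when the user clicks?"""
    if rtype.endswith("/hyperlink"):
        return "click-only"
    if rtype.endswith(AUTO_FETCH_SUFFIXES):
        return "fetched-on-open"
    return "unknown-external"


def scan_docx(data):
    """Return one finding per relationship whose target lives on another host."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # internal parts never leave the package
                target = rel.get("Target", "")
                scheme = urlparse(target).scheme.lower()
                remote = scheme in ("http", "https", "file") or target.startswith("\\\\")
                if not remote:
                    continue  # e.g. mailto: links
                rtype = rel.get("Type", "")
                findings.append({
                    "part": name,
                    "type": rtype.rsplit("/", 1)[-1],
                    "target": target,
                    "behaviour": classify(rtype),
                })
    return findings


def should_alert(findings):
    """Alert when the document contacts a remote host without any click."""
    return any(f["behaviour"] != "click-only" for f in findings)


# Three constructed samples: a normal document, one with an ordinary external
# hyperlink, and one whose settings part points at a template on a remote host.
CLEAN = build_docx({"word/_rels/document.xml.rels": [
    ("rId1", WORD_REL + "styles", "styles.xml", False)]})
HYPERLINK_ONLY = build_docx({"word/_rels/document.xml.rels": [
    ("rId1", WORD_REL + "hyperlink", "https://example.invalid/page", True)]})
REMOTE_TEMPLATE = build_docx({
    "word/_rels/document.xml.rels": [
        ("rId1", WORD_REL + "settings", "settings.xml", False)],
    "word/_rels/settings.xml.rels": [
        ("rId1", WORD_REL + "attachedTemplate", "https://example.invalid/t.dotx", True)],
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("hyperlink", HYPERLINK_ONLY), ("template", REMOTE_TEMPLATE)):
        found = scan_docx(blob)
        print(f"{label}: alert={should_alert(found)} findings={found}")
```

Run on a mail gateway or sandbox, the useful signal is the `fetched-on-open` class: an ordinary external hyperlink is common in legitimate mail and only matters if clicked, whereas a template, object or image pulled from an outside host at open time is exactly the case in which a user would see an unexpected credential prompt.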