“Inception Attackers” Combine Old Exploit and New Backdoor

A malicious group known as the “Inception attackers” has been using a year-old Office exploit and a new backdoor in recent attacks, Palo Alto Networks security researchers warn. Active since at least 2014, the group has used custom malware against targets spanning various industries worldwide, with a special interest in Russia.

In October 2018, the threat actor was observed hitting various European targets in attacks employing an exploit for a vulnerability (CVE-2017-11882) that Microsoft patched in November 2017. Furthermore, the hackers were using a new PowerShell backdoor dubbed POWERSHOWER, which revealed high attention to detail in terms of cleaning up after infection.

Read more about the Inception attackers on SecurityWeek.




