Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C

Source: www.trendmicro.com/en_us/res…
Further investigation into the active Water Saci campaign shows a new attack chain that utilizes an email-based C&C infrastructure, employs multi-vector persistence for resilience, and incorporates advanced checks to evade analysis and restrict activity to specific targets.
The new attack chain also features a sophisticated remote command-and-control system that allows threat actors real-time management, including pausing, resuming, and monitoring the malware’s campaign, effectively converting infected machines into a botnet tool for coordinated, dynamic operations across multiple endpoints.
Trend Vision One™ detects and blocks the IoCs discussed in this blog. Trend Micro customers can also access tailored hunting queries, threat insights, and intelligence reports to better understand and proactively defend against this campaign. In addition, Trend customers are protected from the Water Saci campaign via the specific rules and filters listed at the end of this blog entry.