Source URL: securelist.com/strikesha…

Kaspersky’s Securelist research describes StrikeShark, a broader campaign involving a newly documented malware family named SharkLoader that is designed to deploy Cobalt Strike Beacon on compromised systems. The activity was first identified during an investigation involving a diplomatic organization in Indonesia, then expanded to related infections across multiple countries and sectors, including government organizations, software development companies and entities in Hong Kong, Lebanon, Syria, Colombia, North Macedonia, Nepal and Serbia. The attackers exploited internet-facing applications such as Microsoft Exchange, Microsoft SharePoint and Openfire Server, along with other known vulnerabilities, and also used malware-based delivery mechanisms, indicating a geographically broad and opportunistic campaign rather than a narrow industry-specific operation.
StrikeShark: Investigating a new campaign delivering Cobalt Strike through SharkLoader
Edward Kiledjian
@ekiledjian