Sekoia has another excellent write-up on an attack they are seeing. The fact that this attack is successful in some places boggles my mind. It has a smorgasbord of known attacker TTPs that everyone should be monitoring, controlling and/or blocking. Example TTPs include:
- Use of trycloudflare.com
- Use of dynamic DNS (duckdns!)
- Use of Wscript.exe
- Use of Mshta.exe
You know what to do folks!
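As an added illustration (my own example, not code from Sekoia or the linked write-up), here is a small triage pass over constructed Sysmon-style process-creation and DNS-query events that flags the four TTPs listed above; the event shape, field names and sample values are assumptions for the demo.

```python
import re

# Constructed Sysmon-style events (EventID 1 = process create, 22 = DNS query);
# these are sample records for the demo, not telemetry from the Sekoia report.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe https://abc-def.trycloudflare.com/x.hta"},
    {"EventID": 1, "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"wscript.exe C:\Users\u\Downloads\invoice.js"},
    {"EventID": 22, "Image": r"C:\Windows\System32\mshta.exe",
     "QueryName": "abc-def.trycloudflare.com"},
    {"EventID": 22, "Image": r"C:\Users\u\AppData\Local\Temp\ld.exe",
     "QueryName": "updates-host.duckdns.org"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe readme.txt"},
    {"EventID": 22, "Image": r"C:\Program Files\Firefox\firefox.exe",
     "QueryName": "www.cloudflare.com"},
]

# Script hosts called out in the post; most end users never need them.
SCRIPT_HOSTS = {"wscript.exe", "mshta.exe"}
# Tunnelling and dynamic-DNS domains called out in the post; the anchored
# suffix match avoids flagging look-alikes such as cloudflare.com itself.
SUSPECT_DOMAINS = re.compile(r"(?:^|\.)(trycloudflare\.com|duckdns\.org)$", re.I)

def classify(event):
    """Return the TTP labels matched by one event (empty list = clean)."""
    hits = []
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if event.get("EventID") == 1 and image in SCRIPT_HOSTS:
        hits.append("script-host:" + image)
    if event.get("EventID") == 22:
        m = SUSPECT_DOMAINS.search(event.get("QueryName", ""))
        if m:
            hits.append("suspect-domain:" + m.group(1).lower())
    # A URL handed to a script host on the command line gets its own label.
    for url_host in re.findall(r"https?://([^/\s]+)", event.get("CommandLine", "")):
        if SUSPECT_DOMAINS.search(url_host):
            hits.append("remote-script-url:" + url_host.lower())
    return hits

def triage(events):
    """Map each flagged event index to its labels; clean events are omitted."""
    return {i: h for i, h in ((i, classify(e)) for i, e in enumerate(events)) if h}

if __name__ == "__main__":
    for i, labels in triage(SAMPLE_EVENTS).items():
        print(i, SAMPLE_EVENTS[i].get("Image"), labels)
```

In a real pipeline these labels would feed an alert or a block decision; the benign notepad and cloudflare.com events stay unflagged.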
From: @sekoia_io
https://infosec.exchange/@sekoia_io/114386351495475519