Cybersecurity researchers at the security platform Veriti have discovered a new wave of cyberattacks targeting sensitive data within the US education and government sectors. The campaign leverages a combination of two malware strains: Agent Tesla and Taskun.
Agent Tesla and Taskun: The Deceptive Duo
Agent Tesla is an infamous piece of malware and sophisticated spyware, designed to steal a user’s most valuable data. It is known for capturing keystrokes, screenshots, and even login credentials for various applications, including browsers and VPNs. With this stolen information, attackers gain unauthorized access to users’ accounts and potentially to sensitive systems.
On the other hand, according to Veriti’s blog post, Taskun serves as the perfect accomplice for Agent Tesla’s malicious activities. It works by compromising a system’s integrity, creating a backdoor for Agent Tesla to infiltrate and establish persistence. This allows Agent Tesla to remain undetected for extended periods, deepening its hold on the system and maximizing data theft.
It’s important to highlight that Taskun and Agent Tesla were recently discovered as accomplices in a similar campaign. Researchers observed TicTacToe Dropper targeting Windows devices, subsequently infecting them with Leonem, AgentTesla, SnakeLogger, LokiBot, Remcos, RemLoader, Sabsik, Taskun, Androm, and Upatre.
Attackers’ Calculated Approach
As for the latest campaign, the attack is launched through malicious email attachments that exploit vulnerabilities in Windows software such as Microsoft Office, one of the most frequently exploited applications in malware attacks.
The attackers’ strategy centers around performing reconnaissance to identify vulnerabilities within the targeted systems. This approach often exploits weaknesses in commonly used office applications and operating systems. By targeting these widespread vulnerabilities, the attackers can maximize the impact of their attack, potentially compromising a vast number of devices within an organization.
Why Education and Government Sectors are Vulnerable
Educational institutions and government agencies often hold a treasure trove of sensitive data, making them prime targets for cybercriminals. This data can include student records, research findings, social security numbers, and other confidential information.
Moreover, schools have been identified as highly lucrative targets for cybercriminals. Both previously and in recent attacks, hackers have targeted over 900 schools in the United States by exploiting the notorious MOVEit vulnerability.
A successful attack using Agent Tesla and Taskun could result in a significant data breach, causing immense financial loss, reputational damage, and even identity theft for affected individuals.
How to Fight Back?
Institutions can strengthen their defences against these threats by applying security patches promptly, providing cybersecurity awareness training to users, and implementing a multi-layered security approach. Together, these measures help protect sensitive data.