Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

AlienVault discovered Watering Hole attacks using Scanbox for reconnaissance

Security experts at AlienVault discovered a series of watering hole attacks using the Scanbox reconnaissance Framework that is targeting several industries. Security experts at AlienVault Labs have uncovered a watering hole attack with a singular characteristic, the attackers are using a framework developed for reconnaissance as the primary infection vector. The attackers deployed a malicious JavaScript on the targeted […]

AlienVault discovered Watering Hole attacks using Scanbox for reconnaissance

Security experts at AlienVault discovered a series of watering hole attacks using the Scanbox reconnaissance Framework that is targeting several industries.

Security experts at AlienVault Labs have uncovered a watering hole attack with a singular characteristic, the attackers are using a framework developed for reconnaissance as the primary infection vector.

The attackers deployed a malicious JavaScript on the targeted website, but  this attack delivers a framework called Scanbox instead a malware, the application simply collects data from the host and send it to the command and control server, in particular, it is able to detect the applications running on the targeted machine and information that could be used later by an attacker to serve specific exploits.

Scanbox has numerous plugins that could be used to Enumerates software installed in the system (e.g. Flash versions, Flash versions, etc.)

Scanbox also include keylogging capability, when visitors browse the compromised website, all keystrokes are being recorded and sent to the C&C server periodically, the IP address that is hosting the command and control server is 122.10.9.109  and is assigned to a data center located in Hong Kong.

The agent also collects data the user submits via the web forms, the feature allows the attackers to steal sensitive data including password

scanbox watering hole attacks

According to the post published by AlienVault Labs, the threat actors compromised an unnamed industrial software firm’s website, the targeted company design software used for simulation and system engineering for a wide numerous companies in several industries, including automotive and aerospace.

This isn’t the first time that the researchers uncovered watering hole attacks to serve reconnaissance tools, and experts speculate that the targeted industries could suffer further attacks soon.

“This is a very powerful framework that gives attackers a lot of insight into the potential targets that will help them launching future attacks against them,” “We have also seen several Metasploit-produced exploits that target different versions of Java in the same IP address that hosts the Scanbox framework.” said Jaime Blasco.

The experts at AlienVault suggest administrators to monitor traffic from mail.webmailgoogle.com and js.webmailgoogle.com, because those are indicators of this attack.

Pierluigi Paganini

(Security Affairs – Scanbox, watering hole attack)