Government

DanaBot Operators Spear Phish Government Employees

26 February - 5 March 2019

The operators behind the DanaBot trojan have been spear phishing employees at an Australian government agency, with intentions to gain a foothold in the targeted network.
The operators behind the DanaBot trojan have been spear phishing employees at an Australian government agency, with intentions to gain a foothold in the targeted network. The phishing email contains a link that downloads a ZIP archive with an obfuscated VBScript file within. When extracted, the script fetches an executable file from the attackers’ server to install the DanaBot trojan. DanaBot is modular and functions such as VNC remote desktop connection, information stealer, keylogger and web injections can be added on demand. 

References:
[1] Breakdown of a Targeted DanaBot Attack
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Solutioning

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence