Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat ac...
Read Full Article »Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
Discussion Points
- r.
- The information provides valuable insights for those interested in research.
- Understanding research requires attention to the details presented in this content.
Summary
A new phishing campaign has been identified by cybersecurity researchers, utilizing the ClickFix technique to spread an open-source command-and-control framework called Havoc. This technique allows threat actors to evade detection and delivers malware through a SharePoint site.
The malicious payload is then communicated using a modified version of the Havoc Demon framework, combined with the Microsoft Graph API.The use of a legitimate platform like SharePoint to host the malware makes it difficult to detect, as it blends in with trusted and well-known services. This sophistication highlights the need for improved cybersecurity practices and increased awareness among individuals and organizations.The involvement of the Microsoft Graph API in this campaign is particularly concerning, as it suggests that threat actors are becoming more adept at utilizing legitimate tools and APIs to deliver malicious communications.