
Stealthy Cyber Attacks: LNK Files & SSH Commands Playbook

Dec. 19, 2024, 1:38 p.m.

Description

This analysis covers a rising trend in which threat actors use LNK (Windows shortcut) files and SSH-related commands as initial infection vectors. The attackers craft shortcut files, often disguised as legitimate documents, whose targets execute commands through Living-off-the-Land Binaries (LOLBins), i.e. utilities already present and trusted on the system. The report highlights three campaigns: one using SCP to download and execute malicious files, another abusing SSH together with PowerShell commands to run harmful payloads, and a third combining SSH and CMD commands to load malicious DLLs. Because the activity is carried out by signed, legitimate system utilities, it is designed to bypass traditional security controls and evade detection. These evolving tactics underscore the need for continuous monitoring of LOLBin usage (in particular ssh.exe, scp.exe, powershell.exe and rundll32.exe launched from shortcut files) and for detection strategies adapted to these attack vectors.

Date

Published: Dec. 19, 2024, 12:56 p.m.

Created: Dec. 19, 2024, 12:56 p.m.

Modified: Dec. 19, 2024, 1:38 p.m.

Indicators (SHA-256 file hashes)

8bd210b33340ee5cdd9031370eed472fcc7cae566752e39408f699644daf8494

5b6dc2ecb0f7f2e1ed759199822cb56f5b7bd993f3ef3dab0744c6746c952e36

0016e1ec6fc56e4214e7d54eb7ab3d84a4a83b4befd856e984d77d6db8fc221d

c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0

a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91

0e2263d4f239a5c39960ffa6b6b688faa7fc3075e130fe0d4599d5b95ef20647

Tools

HackBrowserData

Attack Patterns (MITRE ATT&CK)

T1053.005 - Scheduled Task/Job: Scheduled Task

T1218.011 - System Binary Proxy Execution: Rundll32

T1204.001 - User Execution: Malicious Link

T1059.001 - Command and Scripting Interpreter: PowerShell

T1566.002 - Phishing: Spearphishing Link

T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

T1204.002 - User Execution: Malicious File

T1105 - Ingress Tool Transfer

T1036 - Masquerading

T1027 - Obfuscated Files or Information

Vulnerabilities

CVE-2017-11882 - Microsoft Office Equation Editor memory corruption

CVE-2024-21893 - Ivanti Connect Secure / Policy Secure SSRF

CVE-2024-21887 - Ivanti Connect Secure / Policy Secure command injection

CVE-2023-46805 - Ivanti Connect Secure / Policy Secure authentication bypass

CVE-2021-44228 - Apache Log4j remote code execution (Log4Shell)