Unraveling the Sophisticated Attack Leveraging VS Code for Unauthorized Access
Oct. 1, 2024, 8:22 p.m.
Tags
External References
Description
A sophisticated attack has been uncovered that abuses Visual Studio Code's remote tunnel feature to gain unauthorized access to victim machines. The chain begins with a .LNK file disguised as a legitimate setup file; when opened, it downloads a Python package and runs a malicious Python script. The script establishes persistence through a scheduled task and then uses VS Code to open a remote tunnel, giving the attacker a remote session on the victim's machine. Through that tunnel the attacker can interact with the system, access files, and carry out further malicious activity. This tradecraft mirrors tactics the Chinese APT group Stately Taurus has used in cyber-espionage campaigns, and it illustrates how threat actors increasingly use legitimate tools to evade detection.
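The chain above (Python script, scheduled task, VS Code tunnel, beacon to the listed domain) leaves a recognisable trail in endpoint telemetry. The following hunting script is an added example written for this page, not code from the report or from any vendor. It reads constructed sample events that resemble flattened Sysmon Event ID 1 (process creation) and Event ID 22 (DNS query) records; the key=value line format, the sample paths, the rule names, the expected VS Code install path and the CLI binary names are assumptions, and the tunnel-service domain suffixes come from Microsoft's dev tunnels documentation and should be confirmed against your own telemetry. The hashes and domain are the ones listed under Indicators below.

```python
"""Hunt for the LNK -> Python -> scheduled task -> VS Code tunnel chain in
process-creation and DNS telemetry.  Added example, not code from the
report.  Event lines are constructed to resemble flattened Sysmon events;
the line format, paths, rule names and baselines are assumptions."""
import re

# SHA-256 hashes and the domain listed under Indicators on this page.
IOC_SHA256 = {
    "c7f07bdfb91653f53782885a3685436e2e965e1c5f4863c03f5a9825c0364489",
    "281766109f2375a01bad80478fd18841eccaefc1ee9277179cc7ff075d1beae2",
    "c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0",
    "a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91",
    "0e2263d4f239a5c39960ffa6b6b688faa7fc3075e130fe0d4599d5b95ef20647",
}
IOC_DOMAINS = {"requestrepo.com"}
# Domains the VS Code tunnel service resolves (Microsoft dev tunnels docs;
# treat as an assumption and confirm in your own DNS logs).
TUNNEL_DOMAIN_SUFFIXES = (".tunnels.api.visualstudio.com", ".devtunnels.ms")
# Assumed baseline: where a legitimately installed VS Code lives.
EXPECTED_VSCODE_PATH_FRAGMENT = "\\microsoft vs code\\"
# Assumed binary names the VS Code CLI runs under on Windows.
VSCODE_CLI_NAMES = {"code.exe", "code-tunnel.exe"}

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn one key=value line into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def first_arg(cmdline):
    """First argument after the (possibly quoted) executable, lower-cased."""
    m = re.match(r'\s*(?:"[^"]*"|\S+)\s+(\S+)', cmdline)
    return m.group(1).lower() if m else ""


def sha256_of(ev):
    m = re.search(r"SHA256=([0-9a-fA-F]{64})", ev.get("Hashes", ""))
    return m.group(1).lower() if m else None


def analyze(ev):
    """Return the rule names one parsed event triggers."""
    hits = []
    if ev.get("EventID") == "1":
        image = basename(ev.get("Image", ""))
        parent = basename(ev.get("ParentImage", ""))
        cmd = ev.get("CommandLine", "")
        if sha256_of(ev) in IOC_SHA256:          # known-bad file executed
            hits.append("ioc_hash")
        # Persistence: schtasks /create spawned by a Python interpreter
        # (T1053.005 reached via T1059.006).
        if image == "schtasks.exe" and parent.startswith("python") \
                and "/create" in cmd.lower():
            hits.append("schtasks_from_python")
        # VS Code CLI started in tunnel mode: the remote-access step.
        if image in VSCODE_CLI_NAMES and first_arg(cmd) == "tunnel":
            hits.append("vscode_tunnel_start")
    elif ev.get("EventID") == "22":
        query = ev.get("QueryName", "").lower()
        if any(query == d or query.endswith("." + d) for d in IOC_DOMAINS):
            hits.append("ioc_domain")
        # Tunnel-service DNS is normal for an installed VS Code but
        # suspicious from a binary living anywhere else (e.g. %TEMP%).
        if query.endswith(TUNNEL_DOMAIN_SUFFIXES) and \
                EXPECTED_VSCODE_PATH_FRAGMENT not in ev.get("Image", "").lower():
            hits.append("tunnel_dns_unexpected_path")
    return hits


def hunt(lines):
    """Run every rule over every line; return (line_index, rule) pairs."""
    return [(i, rule) for i, line in enumerate(lines)
            for rule in analyze(parse_event(line))]


# Constructed sample telemetry: two benign VS Code events, then the chain.
# The report does not say which file each hash belongs to; one is reused
# here only to show the match.
SAMPLE_EVENTS = [
    r'EventID=1 Image="C:\Program Files\Microsoft VS Code\Code.exe" '
    r'ParentImage=C:\Windows\explorer.exe CommandLine="Code.exe C:\proj" '
    'Hashes=SHA256=' + "a" * 64,
    r'EventID=22 Image="C:\Program Files\Microsoft VS Code\Code.exe" '
    r'QueryName=global.rel.tunnels.api.visualstudio.com',
    r'EventID=1 Image=C:\Python312\python.exe ParentImage=C:\Windows\explorer.exe '
    r'CommandLine="python.exe setup.py" '
    r'Hashes=SHA256=c7f07bdfb91653f53782885a3685436e2e965e1c5f4863c03f5a9825c0364489',
    r'EventID=1 Image=C:\Windows\System32\schtasks.exe ParentImage=C:\Python312\python.exe '
    r'CommandLine="schtasks /create /sc minute /mo 5 /tn Updater /tr C:\Users\u\AppData\Local\Temp\code.exe"',
    r'EventID=1 Image=C:\Users\u\AppData\Local\Temp\code.exe ParentImage=C:\Python312\python.exe '
    r'CommandLine="code.exe tunnel --accept-server-license-terms --name dev"',
    r'EventID=22 Image=C:\Users\u\AppData\Local\Temp\code.exe '
    r'QueryName=global.rel.tunnels.api.visualstudio.com',
    r'EventID=22 Image=C:\Python312\python.exe QueryName=requestrepo.com',
]

if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The two benign events are there on purpose: a VS Code install under Program Files resolving the tunnel service is expected developer activity, so the DNS rule keys on the resolving binary's location rather than on the domain alone, and the tunnel rule keys on the `tunnel` subcommand rather than on `code.exe` itself. Tune the path baseline and CLI names to what is actually deployed in your environment before relying on these rules.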
Date
Published: Oct. 1, 2024, 7:30 p.m.
Created: Oct. 1, 2024, 7:30 p.m.
Modified: Oct. 1, 2024, 8:22 p.m.
Indicators
c7f07bdfb91653f53782885a3685436e2e965e1c5f4863c03f5a9825c0364489
281766109f2375a01bad80478fd18841eccaefc1ee9277179cc7ff075d1beae2
c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0
a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
0e2263d4f239a5c39960ffa6b6b688faa7fc3075e130fe0d4599d5b95ef20647
http://requestrepo.com/r/2yxp98b3
requestrepo.com
Attack Patterns
Stately Taurus
T1059.006 (Command and Scripting Interpreter: Python)
T1053.005 (Scheduled Task/Job: Scheduled Task)
T1071.001 (Application Layer Protocol: Web Protocols)
T1036.005 (Masquerading: Match Legitimate Name or Location)
T1082 (System Information Discovery)
T1057 (Process Discovery)
CVE-2017-11882
CVE-2024-21893
CVE-2024-21887
CVE-2023-46805
CVE-2021-44228
Additional Information
China