Recent Phishing Attacks Target 100+ Organizations in Europe and U.S. with StrelaStealer Malware

Security experts have identified a fresh series of phishing attacks utilising the evolving information-stealing malware known as StrelaStealer. According to a report by Palo Alto Networks Unit titled 'Large-Scale StrelaStealer Campaign in Early 2024', more than 100 organisations in Europe and the United States have been impacted by these attacks.

StrelaStealer steals email login data from popular email clients, transmitting it to the attacker's server. This breach allows threat actors access to victims' email accounts, enabling further attacks. Emerged in 2022, StrelaStealer's creators have unleashed multiple large-scale email campaigns, indicating persistent activity.

To evade detection, attackers change the email attachment file format in each campaign. StrelaStealer, disclosed in November 2022, is designed to extract email login data and send it to a server controlled by the attacker.

High-tech, finance, legal, manufacturing, government, energy, insurance, and construction sectors in Europe and the U.S. have been targeted by two significant campaigns in November 2023 and January 2024.

The malware employs obfuscation techniques to hinder analysis in secure environments. Researchers note ongoing updates to the email campaign and payload, emphasising the threat actors' adaptability.

This campaign demonstrates how even unskilled actors can utilize malware-as-a-service to orchestrate large-scale attacks and profit from stolen data.

- CyberBeat