Recent Phishing Attacks Target 100+ Organizations in Europe and U.S. with StrelaStealer Malware

StrelaStealer malware is designed to steal email login data from popular email clients and send it to the attacker's server. This enables threat actors to access victims' email accounts for further malicious activities.
28 March 2024
Image by CyberBeat

Security experts have identified a fresh series of phishing attacks utilising the evolving information-stealing malware known as StrelaStealer. According to a report by Palo Alto Networks Unit titled 'Large-Scale StrelaStealer Campaign in Early 2024', more than 100 organisations in Europe and the United States have been impacted by these attacks.

StrelaStealer steals email login data from popular email clients, transmitting it to the attacker's server. This breach allows threat actors access to victims' email accounts, enabling further attacks. Emerged in 2022, StrelaStealer's creators have unleashed multiple large-scale email campaigns, indicating persistent activity.

To evade detection, attackers change the email attachment file format in each campaign. StrelaStealer, disclosed in November 2022, is designed to extract email login data and send it to a server controlled by the attacker.

High-tech, finance, legal, manufacturing, government, energy, insurance, and construction sectors in Europe and the U.S. have been targeted by two significant campaigns in November 2023 and January 2024.

The malware employs obfuscation techniques to hinder analysis in secure environments. Researchers note ongoing updates to the email campaign and payload, emphasising the threat actors' adaptability.

This campaign demonstrates how even unskilled actors can utilize malware-as-a-service to orchestrate large-scale attacks and profit from stolen data.

- CyberBeat

 

About CyberBeat

CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.

Contact CyberBeat

If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us

Terms & Policies >>

Sponsors

We couldn't do this without the support of our sponsors and contributors.