Hackers exploit Windows Error Reporting service in new fileless attack

Posted October 7, 2020

  • A new fileless attack technique that abuses the Microsoft Windows Error Reporting (WER) service is the work of a hacking group that is yet to be identified.
  • A lure phishing document found by the team was packaged up in a .ZIP file. Titled “Compensation manual.doc,” the file claims to contain information relating to worker compensation rights but, when opened, is able to trigger a malicious macro.
  • The macro uses a custom version of the CactusTorch VBA module to spring a fileless attack, made possible through shellcode.

– Charlie Osborne | October 7, 2020