Hackers exploit Windows Error Reporting service in new fileless attack
Posted October 7, 2020
- A new fileless attack technique that abuses the Microsoft Windows Error Reporting (WER) service is the work of a hacking group that is yet to be identified.
- A lure phishing document found by the team was packaged up in a .ZIP file. Titled, “Compensation manual.doc,” the file claims to contain information relating to worker compensation rights, but when opened, is able to trigger a malicious macro.
- The macro uses a custom version of the CactusTorch VBA module to spring a fileless attack, made possible through shellcode.
– Charlie Osborne | October 7, 2020