Intrusions involved the use of the domain crowdstrike-office365[.]com to lure users into downloading a recovery tool that purportedly addresses update-related boot loop issues but instead delivers a malware loader.
Such an arrest was based on suspected blackmail and Computer Misuse Act violations and also resulted in the sequestration of the teen's digital devices.
Intrusions conducted by PatchWork commenced with the distribution of a malicious LNK file enabling the download of a fraudulent PDF to conceal compromise with Brute Ratel C4 and PGoShell malware.
Attackers leveraged phishing emails with a malicious Word attachment that carries the same text as Microsoft's support bulletin regarding its Recovery Tool for outage-hit devices and contains macros which, when enabled, facilitate the download of a DLL file.
Cybersecurity researcher g0njxa and AnyRun reported intrusions that offered a fraudulent fix for the issue and were conducted to deploy the Remcos RAT trojan.
Attackers leveraged spear-phishing to lure targets into downloading an MSI installer for Skype for Business from a domain resembling one belonging to the Italian government.