Major new malware campaign targets hundreds of US and EU businesses - StrelaStealer returns to hit big firms once again

Hook on Keyboard
Image Credit: Shutterstock (Image credit: wk1003mike / Shutterstock)

Hundreds of organizations in the United States and Europe were recently targeted with StrelaStealer, an infostealing malware focusing mostly on grabbing email credentials from Outlook and similar email clients.

Unit42, the cybersecurity arm of Palo Alto Networks, said that since November 2023, unnamed threat actors have been sending hundreds of phishing emails a day, targeting mostly organizations in the “high tech” industry. 

Some months have seen more emails than others, but the biggest uptick happened between January and February 2024.

Strela evolved

While high tech firms were the primary target, they were far from the only one, as organizations in finance, legal services, manufacturing, government, utilities and energy, insurance, and construction, were all targeted.

At least 100 organizations across the US and Europe fell victim to the attack. 

While the campaign itself might be new, the infostealer isn’t. According to BleepingComputer, StrelaStealer was around from at least late 2022 and since then, its modus operandi only slightly changed. It was always an infostealer targeting email client credentials. However, in earlier days, the attackers would distribute an .ISO file holding a .LNK file and an HTML file which, using the polyglot file infection method, invoked “rundll32.exe” and executed the malware. 

Nowadays, the attackers would simply attach a .ZIP archive holding a JScript file which, if executed, dropped a batch file and a base64-encoded file that decoded into a DLL. That DLL, executed via rundll32.exe, would deploy the main infostealer.

Phishing is a decades-old hacking technique, which continues to dominate the cybercriminal space due to its low cost and high success rate. With the introduction of generative AI tools, spotting phishing and other fraudulent emails became even harder. The best way to stay safe is to exercise caution and remain skeptical of all incoming emails.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.