Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks
Summary
A sophisticated framework, dubbed 'Veil#Drop,' is being used in attacks that leverage compromised websites and Blogspot to deliver the PureLog information stealer. This framework employs fileless techniques, making it challenging for security solutions to detect and block.
IFF Assessment
FOE
The Veil#Drop framework's use of information stealers and sophisticated evasion techniques poses a direct threat to organizations and individuals.
Defender Context
Defenders should be aware of the Veil#Drop framework's tactics, which include abusing legitimate platforms like Blogspot and employing fileless techniques. Monitoring for unusual PowerShell activity and unusual network traffic originating from compromised websites can help in early detection.