- The use of Microsoft OneNote documents to deliver malware via email is increasing.
- Multiple cybercriminal threat actors are using OneNote documents to deliver malware.
- While some campaigns are targeted at specific industries, most are broadly targeted and include thousands of messages.
- In order to detonate the payload, an end-user must interact with the OneNote document.
- Campaigns have impacted organizations globally, including North America and Europe.
- TA577 returned from a month-long hiatus in activity and began using OneNote to deliver Qbot at the end of January 2023.

Proofpoint researchers recently identified an increase in threat actor use of OneNote documents to deliver malware via email to unsuspecting end-users in December 2022 and January 2023. OneNote is a digital notebook created by Microsoft and available via the Microsoft 365 product suite. Proofpoint has observed threat actors deliver malware via OneNote documents, which are .one extensions, via email attachments and URLs.

Proofpoint observed six campaigns in December 2022 using OneNote attachments to deliver AsyncRAT malware. In January 2023, Proofpoint observed over 50 OneNote campaigns delivering different malware payloads including AsyncRAT, Redline, AgentTesla, and DOUBLEBACK. Notably, the initial access broker TA577 began using OneNote documents to deliver Qbot at the end of January 2023. The campaigns included multiple senders and subjects, with different targeting and volume depending on the campaign. While we have seen an increase in the number of campaigns utilizing OneNote to deliver malware, its use is unusual.