🟠 High | Source: The Hacker News
A newly identified malware loader called SharkLoader is being used in targeted cyberattacks, dubbed StrikeShark by Kaspersky, to deploy Cobalt Strike Beacon on compromised systems. The campaign has focused on diplomatic and government organisations in Indonesia and Taiwan, suggesting nation-state or espionage-related motivations. Cobalt Strike is a well-established post-exploitation framework frequently abused by threat actors to maintain persistent access and move laterally across networks.
Security Architect’s Take: Review endpoint detection coverage for Cobalt Strike Beacon signatures and ensure network egress controls can identify and block Cobalt Strike’s default and malleable C2 profiles. Prioritise hunting for SharkLoader indicators of compromise across cloud-hosted workloads and any internet-facing infrastructure, particularly where diplomatic or government sector clients are involved.
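One concrete way to start the egress review above: Cobalt Strike's default (non-malleable) HTTP stager requests a random four-character URI whose checksum8 (sum of the ASCII values mod 256) is 92 for x86 and 93 for x64, so proxy logs can be swept for that pattern. This is an added example, not code from the advisory or from Kaspersky; the log format and the log lines are constructed here, and the page gives no SharkLoader indicators, so the check covers only the default Beacon profile, not a custom malleable one.

```python
"""Hunt web-proxy logs for Cobalt Strike default-profile stager URIs.

Beacon's default HTTP stager uses a 4-character path whose checksum8 is
92 (x86) or 93 (x64). A malleable C2 profile can change this, so a miss
does not clear a host; a hit is a strong lead that deserves follow-up.
"""
import re
from typing import List, Optional

# Assumed log shape (constructed for this example):
#   "<timestamp> <src_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

SAMPLE_LOG = [  # constructed sample; 203.0.113.0/24 is a documentation range
    "2024-01-01T10:00:00Z 10.0.0.5 GET http://203.0.113.10/ab2g 200",
    "2024-01-01T10:00:01Z 10.0.0.6 GET http://example.com/index.html 200",
    "2024-01-01T10:00:02Z 10.0.0.7 GET http://203.0.113.10/ab2h 200",
    "2024-01-01T10:00:03Z 10.0.0.8 GET http://example.com/home 200",
]


def checksum8(s: str) -> int:
    """Metasploit-style checksum8 used by Cobalt Strike's default stager."""
    return sum(ord(c) for c in s) % 256


def stager_arch(path: str) -> Optional[str]:
    """Return 'x86' or 'x64' if the path looks like a default stager URI."""
    seg = path.split("?", 1)[0].lstrip("/")
    if len(seg) != 4 or not seg.isascii():
        return None
    return {92: "x86", 93: "x64"}.get(checksum8(seg))


def hunt(lines: List[str]) -> List[dict]:
    """Return one hit per log line whose URI matches the stager pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ts, src, _method, url, _status = m.groups()
        path = re.sub(r"^https?://[^/]+", "", url)  # drop scheme and host
        arch = stager_arch(path)
        if arch:
            hits.append({"ts": ts, "src": src, "url": url, "arch": arch})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['url']} ({hit['arch']} stager)")
```

Four-character paths are common on normal sites, so treat a hit as a pivot point (destination reputation, what the client did next) rather than a verdict on its own.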
Original advisory: New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks