The Hacker News

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

Kaspersky researchers identified a new malware family, SharkLoader, used in the StrikeShark cyberattack campaign, which deploys Cobalt Strike Beacon on compromised systems. The campaign has targeted a diplomatic organization in Indonesia and government organizations in Taiwan. SharkLoader functions as a loader, facilitating the initial infection and subsequent deployment of more sophisticated tools such as Cobalt Strike. This discovery highlights the evolving tactics of cyber threat actors in delivering advanced post-exploitation frameworks.

The specific techniques used by SharkLoader to gain initial access and maintain persistence are still under investigation by Kaspersky. The campaign's focus on governmental and diplomatic entities suggests a potential for espionage or disruption objectives. The use of Cobalt Strike, a popular legitimate penetration testing tool, by malicious actors underscores the challenges in distinguishing between authorized and unauthorized network activity.

Kaspersky's analysis indicates that SharkLoader is designed to be stealthy, aiming to evade detection by security software during its initial stages. Further details on SharkLoader's infection vectors and its operational infrastructure are expected as the investigation continues.
