KeyBoy Targeting US Companies

By ISBuzz Team
Writer, Information Security Buzz | Nov 08, 2017 03:15 pm PST

A Chinese group known as KeyBoy is targeting US companies with specially crafted Microsoft documents that use the Dynamic Data Exchange (DDE) protocol to fetch and download remote malicious payloads. Michael Patterson, CEO at Plixer, commented below.

Michael Patterson, CEO at Plixer:

“IT teams must be continuously vigilant and employees need to be alerted to this latest espionage threat. Employees should be extra careful not to click on a Microsoft Word Document, especially if it is received from someone they don’t know. Even when it is received from someone familiar, a quick call should be placed to confirm the document is real. In the case of KeyBoy’s specially crafted Microsoft Word document, a list of indicators of compromise (IoC) has been published. Network traffic analytics platforms, employing anomaly detection and historical forensic data, provide a mechanism to proactively monitor for the existence of these IoCs. KeyBoy’s attack blocks all notifications when the malware is loaded, making traffic monitoring the most effective mechanism of identifying the breach.”
