‘HTML Smuggling’ technique identified in growing Russian-backed NOBELIUM online phishing attacks

Back in May, Microsoft identified the Russian-backed threat group NOBELIUM as responsible for attacks similar to the SolarWinds compromise over the preceding months, and began working with companies, governments and law enforcement to limit the damage from such cyberattacks.

Earlier today, Microsoft went a step further and highlighted one of the more sophisticated malware delivery methods NOBELIUM uses to gain access to systems, called ‘HTML Smuggling’, and warned customers to take precautions as its use has increased recently.

According to Microsoft,

HTML smuggling, a highly evasive malware delivery technique that uses legitimate HTML5 and JavaScript features, is increasingly being used in email campaigns that deploy banking malware, Remote Access Trojans (RATs) and other payloads associated with targeted attacks. Notably, this technique has been observed in an online scam campaign from the NOBELIUM threat actor in May. More recently, we’ve also seen the technique deliver the Mekotio banking Trojan, as well as AsyncRAT/NJRAT and Trickbot, malware that attackers use to gain control of affected devices and deliver payloads of ransomware and other threats.

As the name suggests, HTML smuggling allows an attacker to “smuggle” an encrypted malicious script inside a specially crafted HTML web page or attachment. When the target user opens the HTML in their web browser, the browser decodes the malicious script, which in turn assembles the payload on the host device. Thus, instead of a malicious executable being transferred directly over the network, the attacker has the malware built locally, behind the firewall.
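To make the defender's side of this concrete, here is an added example in Python that is not part of the article or of Microsoft's post: a simple heuristic scanner that a mail gateway or an analyst could run over an HTML attachment to flag the pattern described above (a base64 string that page script decodes and asks the browser to save as a file) and to pull the embedded bytes out for downstream antivirus or sandbox scanning. The sample HTML it scans is constructed for the example and carries plain text, not malware; the indicator names, the 400-character base64 threshold and the "decode plus save" rule are my own choices, not Microsoft's detection logic.

```python
import base64
import binascii
import re
from typing import Dict, List

# Constructed sample: a benign HTML attachment with the HTML smuggling shape
# (base64 literal -> atob() -> Blob -> anchor with a download attribute). The
# embedded content is plain text repeated to make the literal realistically long.
EMBEDDED = b"harmless sample text" * 40
SAMPLE_HTML = """<html><body>
<script>
var data = "%s";
var bytes = Uint8Array.from(atob(data), function (c) { return c.charCodeAt(0); });
var blob = new Blob([bytes], {type: "application/octet-stream"});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "report.txt";
a.click();
</script>
</body></html>
""" % base64.b64encode(EMBEDDED).decode()

# Constructed sample of an ordinary HTML mail that links to a file instead.
BENIGN_HTML = """<html><body><p>Quarterly newsletter</p>
<a href="https://example.invalid/report.pdf">Download the report</a></body></html>"""

# Each indicator is one building block of the technique. Any one of them is
# common in legitimate pages; the combination of a decode step and a save step
# is what makes an attachment worth holding for closer inspection.
INDICATORS: Dict[str, "re.Pattern[str]"] = {
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
    "blob_construct": re.compile(r"new\s+Blob\s*\(", re.I),
    "object_url": re.compile(r"URL\.createObjectURL\s*\(", re.I),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']", re.I),
    "ms_save_blob": re.compile(r"msSaveOrOpenBlob|msSaveBlob", re.I),
    # A long, uninterrupted base64 literal (threshold chosen for this example).
    "large_base64": re.compile(r"[\"']([A-Za-z0-9+/]{400,}={0,2})[\"']"),
}


def scan_html(html: str) -> Dict[str, object]:
    """Return the indicators found and whether the decode+save combination is present."""
    hits = {name: bool(rx.search(html)) for name, rx in INDICATORS.items()}
    decode_step = hits["base64_decode"] or hits["large_base64"]
    save_step = (hits["blob_construct"] or hits["object_url"]
                 or hits["download_attr"] or hits["ms_save_blob"])
    return {
        "indicators": [name for name, hit in hits.items() if hit],
        "suspicious": bool(decode_step and save_step),
    }


def extract_embedded(html: str) -> List[bytes]:
    """Decode every long base64 literal so the bytes can be scanned like a normal attachment."""
    found = []
    for match in INDICATORS["large_base64"].finditer(html):
        try:
            found.append(base64.b64decode(match.group(1), validate=True))
        except (ValueError, binascii.Error):
            continue  # looked like base64 but was not decodable; skip it
    return found


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_HTML), ("benign", BENIGN_HTML)):
        verdict = scan_html(doc)
        print(label, "suspicious" if verdict["suspicious"] else "clean", verdict["indicators"])
    for blob in extract_embedded(SAMPLE_HTML):
        print("embedded bytes:", len(blob))
```

The scanner is deliberately conservative: it only raises a flag when both halves of the technique are present, so a newsletter with a plain download link is left alone. Real samples often split or obfuscate the base64 string and the JavaScript calls, so in production this string-level check belongs in front of a JavaScript-aware step (or detonation in a sandbox) rather than replacing it.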

More specifically, the attack manifests in two ways: as a link to a smuggled HTML page delivered in the initial email message, or as a redirect to a landing page that then triggers the download automatically. To help identify HTML smuggling, Microsoft has provided a few real-world examples for users to watch out for, such as the Outlook-based process illustrated in its post:


At the end of the day, Microsoft recommends its own products to help protect against HTML smuggling threats. Microsoft 365 Defender is said to use a layered approach that protects against these threats and mitigates scenarios by blocking execution earlier in the attack chain. A wide range of Microsoft tools, such as Microsoft 365 Defender, Microsoft Defender for Office 365, Safe Links, Safe Attachments, endpoint detection and response (EDR), and Smart Desktops, work in combination to reduce the number of successful phishing attacks and to limit the impact of more sophisticated ones.

In addition to Microsoft’s own security solutions, users and customers are advised to familiarize themselves with the different types of malware, practice good credential hygiene, and keep the number of domain or local administrator privileges to a minimum.
