Hackers Exploit Microsoft Tools to Breach Energy Firms

A newly identified cyber campaign, dubbed OneClik, targets the energy, oil and gas sectors using a blend of legitimate tools and custom malware. Hackers exploit Microsoft tools, specifically the ClickOnce deployment framework, to deliver malicious payloads with minimal detection. Researchers say the attackers rely on deceptive links to lure victims into launching the compromised applications.

The campaign also integrates custom Golang-based backdoors, allowing persistent access to infected systems. By hosting their payloads on trusted services like Amazon Web Services, the attackers increase the credibility of their distribution methods and bypass traditional security filters. Hackers exploit Microsoft tools in combination with AWS infrastructure to maintain stealth and effectiveness within the targeted industries.

Security firms have flagged the operation as highly sophisticated, citing the attackers’ use of legitimate software features to evade scrutiny. The campaign underscores the growing trend of abusing cloud and enterprise tools in targeted attacks.

Read the full report here: https://www.bleepingcomputer.com/news/security/oneclik-attacks-use-microsoft-clickonce-and-aws-to-target-energy-sector/