Slack has been Hacked – Are You Vulnerable?


Hackers have infiltrated the popular business chat software, Slack, using a watering hole attack.

An undocumented backdoor program was utilized by hackers during the attack on Slack, this program was designed to give hackers control of infected computers using Slack.

The “watering hole” attack is a technique for infecting websites of interest.

It’s unclear how victims were directed to the website but the site was manipulated to host an exploit that takes advantage of a vulnerability in the Windows VBScript engine. The CVE20188174 vulnerability can be exploited through Internet Explorer but was patched by Microsoft in May 2018. This is why having an up-to-date operating system is important.

In the situation where the exploit triggered successfully, a multi-stage infection chain would be started. First, a malicious DLL file would be downloaded and executed via PowerShell. This DLL scanned for antivirus programs before deciding whether to install the aformentioned backdoor program.

The goal of the hack was to collect information on victims and their activity on social media and private chat logs, however, it also possesses the ability to start and close applications on the victims device (including viruses), take screenshots, steal personal files, enable and view the victims webcam, or completely destroy the device.

Next Post

Sustainable Building Materials

In the realm of sustainable construction, the evolution of building materials has taken a significant turn towards eco-friendly practices. One such innovation making waves in the construction industry is the development of carbon-neutral bricks. These bricks are revolutionizing traditional brick-making processes by significantly reducing carbon emissions and environmental impact. Let’s […]
carbon neutral bricks