Nigerian Communications Commission’s Computer Security Unit Raises Alarm Over New Phishing Attack Exploit

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has Fried wolf over a new Phishing, Attack that exploits Windows Zero-Day Vulnerability.

The phishing attack can load malicious QBot malware on compromised devices without triggering any Windows security alerts.

The NCC-CSIRT indicated that the vulnerability is present in all versions of Windows-based products.

NCC-CSIRT reports that the new phishing exploits on Windows zero-day vulnerability drop a Qbot malware and bypasses Mark of the Web (MoTW) security warnings.

NCC-CSIRT reports that "threat actors have switched to a new phishing strategy that involves propagating JS files (plain text files that include JavaScript code) signed with forged signatures."

The NCC-CSIRT advised that users apply updates per vendor instructions.

The NCC set up the CSIRT, the telecom sector’s cyber security incidence centre, to focus on incidents in the telecom sector and how they may affect telecom consumers and citizens at large.

The CSIRT also partners the ngCERT which was established by the Federal Government to forestall computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks.


Leave a Reply

Your email address will not be published.