On June 1, 2023, we received a copy of a previous email correspondence with an embedded PDF file. The attached PDF asked the recipient to download a zip file that contained Qakbot malware. Although at first glance the email appeared to come from a trusted recipient, it was sent from a fake email address.
This triggered a high-security alert. All internal systems at Sharktech were checked for potential vulnerabilities or compromises, and we engaged third parties for review. The investigation concluded that a zero-day vulnerability in Chrome, CVE-2023-307, had possibly been exploited. This vulnerability allowed the attacker to access employee emails, which were used to create replicated phishing emails to vendors and other parties we correspond with. The employee system was rebuilt, and all internal logs were reviewed to ensure no other systems were impacted. We do not share any critical credentials through email, and our email servers are completely separate from the rest of our systems. We suspect the malicious actor may use the email cache they downloaded to attempt to communicate with other vendors or customers in order to spread this malware further.
We urge all our customers to immediately upgrade their Chrome web browser, as this affects Linux and Windows operating systems alike, to exercise extreme caution when accessing any URL or attachment associated with received emails, and, of course, to verify the source email address and target URLs.
At this time, we will continue to ensure the integrity of our systems and services, but we expect no further complications.
Thank you,
Tim Timrawi
Sharktech Inc.
- Wednesday, 14th June, 2023
- 10:04am