Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack

Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack

The popular Autodesk software was exploited in a recent cyberespionage campaign against an international architectural company.

The popular Autodesk software was exploited in a recent cyberespionage campaign against an international architectural company.

Threat actors exploited a vulnerability in the popular 3D computer graphics Autodesk software in order to launch a recent cyber-espionage attack against an international architectural and video production company.

Researchers said that further analysis of the attack points to a sophisticated, APT-style group that had prior knowledge of the company’s security systems and used software applications, carefully planning their attack to infiltrate the company and exfiltrate data undetected. The targeted company, which researchers did not name, is known to have been collaborating in billion-dollar real estate projects in New York, London, Australia and Oman.

The hallmark of the attack is its use of a malicious plugin for Autodesk 3ds Max, a computer graphics program used by engineering, architecture or gaming organizations for making 3D animations, which is developed by Autodesk Media and Entertainment.

“During the investigation, Bitdefender researchers found that threat actors had an entire toolset featuring powerful spying capabilities and made use of a previously unknown vulnerability in a popular software widely used in 3D computer graphics (Autodesk 3ds Max) to compromise the target,” said researchers with Bitdefender in a Wednesday analysis.

vulnerabilities web security apt autodesk 3ds max security

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

Microsoft Exchange, Outlook Under Siege By APTs

A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.

Best Custom Web & Mobile App Development Company

Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots

Grindr's Bug Bounty Pledge Doesn't Translate to Security

At [email protected], Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a 'silver bullet' for security teams.

Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees

The Phosphorous APT has launched successful attacks against world leaders who are attending the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia, Microsoft warns.

7 Web Application Security Best Practices

Here is a list of seven key elements that should be considered in your web app security strategy. Web Application Security has been one of the most significant parts when it comes to web app development.