Skip to content
Auto-CTI
Back to all deep dives
SECURELIST

StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader

HIGH SharkLoader Cobalt Strike Microsoft Exchange initial access exploitation

Strategic summary

A previously undocumented malware family (SharkLoader) is being deployed in a multinational campaign targeting government and diplomatic organizations to deliver Cobalt Strike Beacon; the threat actor leverages publicly available exploits against internet-facing applications such as Microsoft Exchange and SharePoint.

Relevance for you

A newly documented malware family (SharkLoader) is actively deployed to install Cobalt Strike on diplomatic and government systems worldwide; threat actors leverage publicly available PoC exploits against Microsoft Exchange and SharePoint, indicating opportunistic, broad-based campaign.

Risk score

Review required 12
cvss base
0.00
kev bonus
0.00
epss bonus
0.00
poc bonus
15.00
raw before weight
15.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00
consensus penalty
-8.00

Path: operational

Consensus check

The pipeline self-checks before delivery. These rules lowered the score:

  • VENDOR_MISMATCH Vendor not found in alert title −5
  • TTP_SKIPPED TTP mapping skipped (placeholder or aggregation article) −3
Consensus penalty:
−8.0
Total penalty:
−8.0
ESC