Insights into Complex Delivery Chains - Q3 - 2023 - VMRay

The Evolution of Threat Delivery:  
Insights into Q3’s Complex Delivery Chain Strategies

Q3 – 2023

Explore the complex delivery chains employed in Q3, from zero-click exploits to evolving supply chain attacks.

Table of Contents

The third quarter witnessed a surge in cyber threats, focusing on Complex Delivery Chains. ISO and LNK files, alongside zero-click exploits, played a significant role in high-profile attacks. Supply chain targeting expanded to IT experts and business servers, with Microsoft Teams and Facebook Messenger emerging as new delivery channels. This chapter unravels the intricate dynamics of Q3’s threat landscape, shedding light on evolving tactics and resilient strategies.


During the third quarter, ISO and LNK files delivered via emails remain in use, and attackers often execute high-profile attacks by leveraging undiscovered vulnerabilities, some of which necessitate no user interaction, referred to as zero-click attacks.

Attacks on supply chains are also widespread, mainly focusing on IT experts or business servers. Beyond email, Microsoft Teams and Facebook Messenger have emerged as two new avenues for delivering harmful files. Given the existence of a widely-used open-source framework on GitHub called TeamsPhisher that targets Microsoft Teams businesses and accounts, this threat is likely to persist.

Polyglot Deception: MalDoc Techniques

We’ve noticed new techniques where attackers embed harmful Word documents (as Active Mime objects) inside PDF files, a strategy that could potentially enable them to escape detection. This technique, termed ‘MalDoc’, is a polyglot attack where the file, while recognizable as a PDF, can also be opened as a Word document.

This allows the concealed harmful code to run when opened as a .doc file in Microsoft Office. 

QBot’s Comeback: Unveiling New Delivery Chain Tactics

Additionally, threat actors behind QBot got active again even though the FBI has infiltrated and shut down their infrastructure and operation. Within their comeback, they again switched to an exotic delivery chain that even involves new file types such as Microsoft Excel Add-Ins (XLL).

This figure shows a summary on delivery chains that VMRay Threat Labs has observed throughout the past months in-the-wild.

VMRay Malware & Phishing Threat Landscape – Q3/2023

Next Chapter: 
The dual nature of AI in cyber security

See VMRay in action.
Secure your organization against the most evasive threats.

Further resources


Key forces shaping the future of security automation

Watch the full recording from the our webinar featuring Forrester


Explore VMRay’s seamless integrations

Explore all security automation use cases that help you can benefit.


VMRay Professional Services

Learn how VMRay supports deployment, configurations, integrations & more.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator