Home Security Webworm Hackers Utilizing Modified RATs in Newest Cyber Espionage Assaults

Webworm Hackers Utilizing Modified RATs in Newest Cyber Espionage Assaults

by crpt os


A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases.

“The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT,” the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.

CyberSecurity

The cybersecurity firm said at least one of the indicators of compromise (IOCs) was used in an attack against an IT service provider operating in multiple Asian countries.

It’s worth pointing out that all the three backdoors are primarily associated with Chinese threat actors such as Stone Panda (APT10), Aurora Panda (APT17), Emissary Panda (APT27), and Judgement Panda (APT31), among others, although they have been put to use by other hacking groups.

Symantec said the Webworm threat actor exhibits tactical overlaps with another new adversarial collective documented by Positive Technologies earlier this May as Space Pirates, which was found striking entities in the Russian aerospace industry with novel malware.

Space Pirates, for its part, intersects with previously identified Chinese espionage activity known as Wicked Panda (APT41), Mustang Panda, Dagger Panda (RedFoxtrot), Colorful Panda (TA428), and Night Dragon owing to the shared usage of post-exploitation modular RATs such as PlugX and ShadowPad.

Other tools in its malware arsenal include Zupdax, Deed RAT, a modified version of Gh0st RAT known as BH_A006, and MyKLoadClient.

CyberSecurity

Webworm, active since 2017, has a track record of striking government agencies and enterprises involved in IT services, aerospace, and electric power industries located in Russia, Georgia, Mongolia, and several other Asian nations.

Attack chains involve the use of dropper malware that harbors a loader designed to launch modified versions of Trochilus, Gh0st, and 9002 remote access trojans. Most of the changes are intended to evade detection, the cybersecurity firm said.

“Webworm’s use of customized versions of older, and in some cases open-source, malware, as well as code overlaps with the group known as Space Pirates, suggest that they may be the same threat group,” the researchers said.

“However, the common use of these types of tools and the exchange of tools between groups in this region can obscure the traces of distinct threat groups, which is likely one of the reasons why this approach is adopted, another being cost, as developing sophisticated malware can be expensive in terms of both money and time.”





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex