Sunday, June 7, 03:08

ObliqueRAT is associated with a group that attacks governments


A new Remote Access Trojan (RAT), discovered by security researchers, appears to be linked to a hacking group specializing in attacks against governments and diplomats.

On Thursday, Cisco Talos researchers said the malware, which they have named ObliqueRAT, is being used in a new campaign mainly targeting Southeast Asia.

The latest campaign started in January 2020 and is still ongoing. The attackers use phishing emails as their primary means of attack, attaching Microsoft Office documents that carry the malware.

The attachments have innocent-looking names, such as Company-Terms.doc or DOT_JD_GM.doc, which may stand for "Department of Telecommunications_Job Description_General Manager".

The files also appear to be password-protected, a technique that may have been intended to make the documents look legitimate and safe in corporate settings. The credentials required to open the file may be contained in the body of the phishing email.

If the victim enters the password and opens the document, a malicious VB script is triggered, exporting a malicious binary file and downloading an executable, which acts as a dropper for ObliqueRAT.

Talos described the RAT as simple, containing the basic functions of a typical Trojan, including the ability to export files and system data for transfer to a command and control server, the functionality to receive and execute additional payloads, and the ability to terminate existing processes.

One interesting feature, however, is that the malware looks for a specific directory in order to steal the files it contains. The name of the directory is C:\ProgramData\System\Dump.

To avoid detection, the malware also checks the system name and information for signs that the computer is "sandboxed".

According to Talos, the similarities between how the RAT is propagated and the variables used in the malicious VBA documents indicate a possible link to CrimsonRAT, a group that has previously been linked to attacks on diplomatic and political organizations in the same area.
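For defenders, the behaviours described above (an Office document dropping an executable, the named lure attachments, and file activity under C:\ProgramData\System\Dump) can be hunted for in endpoint file-write telemetry. The following is an added example, not code from Talos or from this article; the JSON event schema (`host`, `image`, `target`), the list of Office process names and the sample events are assumptions constructed for illustration.

```python
import json
import ntpath  # pure-Python Windows path rules; works on any analysis host

STAGING_DIR = r"C:\ProgramData\System\Dump"          # directory named in the article
LURE_NAMES = {"company-terms.doc", "dot_jd_gm.doc"}  # attachment names from the article
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}  # assumption: Office hosts

def norm(path):
    """Normalize separators, case and '..' segments so matches cannot be dodged."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def under(path, parent):
    """True if path is parent or inside it, not merely a string prefix of it."""
    p, d = norm(path), norm(parent)
    return p == d or p.startswith(d + "\\")

def classify(event):
    """Return the reasons a file-write event (dict) deserves triage."""
    target = norm(event.get("target", ""))
    image = ntpath.basename(norm(event.get("image", "")))
    reasons = []
    if under(target, STAGING_DIR):
        reasons.append("staging-dir")
    if ntpath.basename(target) in LURE_NAMES:
        reasons.append("lure-name")
    if image in OFFICE_IMAGES and target.endswith(".exe"):
        reasons.append("office-wrote-exe")
    return reasons

def hunt(lines):
    """Return (host, reasons) for every parseable JSON event with a hit."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines rather than abort
        reasons = classify(event) if isinstance(event, dict) else []
        if reasons:
            hits.append((event.get("host", "?"), reasons))
    return hits

# Constructed sample events (hosts, users and file names are made up).
SAMPLE = [json.dumps(e) for e in (
    {"host": "ws-01", "image": r"C:\Office\WINWORD.EXE", "target": r"C:\Users\u1\AppData\sample.exe"},
    {"host": "ws-02", "image": r"C:\Windows\explorer.exe", "target": "c:/programdata/SYSTEM/dump/../Dump/q1.xlsx"},
    {"host": "ws-03", "image": r"C:\Office\OUTLOOK.EXE", "target": r"C:\Users\u2\Downloads\DOT_JD_GM.doc"},
    {"host": "ws-04", "image": r"C:\Windows\notepad.exe", "target": r"C:\ProgramData\System\DumpOld\a.txt"},
)] + ["{not json"]
```

Calling `hunt(SAMPLE)` flags the first three hosts and ignores both the look-alike `DumpOld` directory and the malformed line.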



Absent Mia

