Friday, October 2, 00:48
Home security APT Hackers are using Crimson RAT against Indian banks

APT Hackers are using Crimson RAT against Indian banks

Crimson

According to cyber security researchers, a new campaign APT, uses Crimson RAT and attacks on its financial institutions India, to affect their network devices and to steal sensitive data data.

Crimson RAT was first identified in 2016, when it targeted Indian diplomatic and military resources to carry out APT attacks. Since then groups of malicious agents have often used it for attacks in the financial, health and space sectors.

In this case the hackers used Crimson RAT to target financial institutions of India, spreading spear-phishing emails.

Crimson RAT Transfection Process

The phishing email campaign used emails containing malicious attachments that were sent to the targeted organization in two different ways.

In the first case, the malicious one e-mail contained a link pointing to the PE (executable file) containing two other ZIP files with an embedded document.

As soon as the payload is executed by the victim, it automatically checks for its operating system version device, reports it to the C2 server and downloads the ZIP payload based on the 32 or 64 bit version.

In the other case, the phishing email contains a DOC file that has a malicious macro embedded. After the victims turn on the macro, the RAT payload is executed and the clean Resume / CV file is loaded.

The Crimson RAT is capable of extracting sensitive data from the affected system and then transferring it via non-online channels to its command-and-control (C&C) server.

The RAT continues to receive commands from the C&C server, performs the desired activities, and updates the results to the C2 server controlled by the intruder.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

DC Bar: Violation exposes thousands of members to potential data theft

A report released Wednesday by Techcrunch revealed that lawyers who applied to join the DC Bar revealed that ...

Anthem: $ 142.000 in Wisconsin for security breach

As announced by Attorney General Josh Kaul, the popular insurance company Anthem, will pay the amount of $ 142.000 in Wisconsin, ...

Microsoft Office 365: Phishing campaign uses Captchas

A wave of phishing emails aimed at stealing Microsoft Office 365 usernames and passwords targets ...

Tesla Model 3: Moderate score on the NCAP driving test

The Europe New Car Assessment Program (NCAP) has released the second set of assisted driving scores. Although the electric car of Tesla ...

iPhone and iPad: How to password protect your photos

Sometimes, you need to protect your iPhone or iPad from prying eyes that may have access to your device ....

Astro: The first wired headphones for mobile gamers

The competition in the arena of headphones has become quite intense in recent years, but, for many players, the "Astro" is still ...

Twitter: Removes Iran accounts that tried to "disrupt" the Trump-Biden debate

Twitter announced yesterday that it has removed more than 130 Twitter accounts linked to Iran, because they tried to "disrupt" the political ...

Physicists have shown that time travel is mathematically possible

Scientists in Australia claim to have proven that time travel is theoretically possible after solving a logical paradox.

Find out why your iPhone is running low on battery power

It seems that some iOS 14 users are having problems with their battery. IPhones now discharge at a much faster rate.

Cybercriminals "earned" $ 15.000.000 from a BEC fraud campaign!

The FBI is investigating a global BEC (Business email compromise) fraud campaign, through which cybercriminals have earned at least $ 15.000.000.