Brother
Hackers have found a new way to distribute the Remcos Trojan.
The Chinese information security company Qi'anxin detected new activity of the APT-Q-36 group (Mahagrass, Patchwork, Dropping Elephant, Hangover). The group, which has South Asian roots, has been engaged in cyber espionage since 2009, and its main targets are government and military institutions, as well as organizations in the fields of energy, industry, science and education, politics and the economy in Asia.
Recently, the group used the Spyder Loader loader to distribute the Remote Access Trojan (RAT) Remcos, which attackers usually use for cyber espionage and theft of confidential information. The attacker's target, obviously.
Spyder, which has been updated several times in recent months, has the ability to download and run executable files from the Command and Control server (C2). In particular, the use of encrypted strings to evade static detection by antivirus programs was noted, as well as the adaptation of the data format for communication with C2 servers.
Among the potential targets of the attack were Pakistan, Bangladesh and Afghanistan. This indicates how purposeful and deliberate the intruders are in avoiding detection and carrying out intelligence-gathering tasks.
Qi'anxin encourages users to be vigilant, to avoid suspicious links in social networks and email attachments of unknown origin, not to run unknown files and not to install software from untrusted sources. Cybersecurity remains an important area of focus, as groups of this kind continue to develop their methods of attacking and evading defense mechanisms.
Recall that the report on cybersecurity for the third quarter of 2023, published recently by HP Wolf Security, notes a significant increase in the number of campaigns using RAT Trojans. Experts note an increase in the use of RATs, which are often hidden in seemingly legitimate Excel and PowerPoint files attached to emails.
In addition, in September, a large-scale phishing campaign was detected targeting more than 40 large companies in various sectors of the economy in Colombia. The attackers' goal was to secretly install Remcos RAT on the computers of employees of these organizations, with a view to further compromise and the theft of valuable data.
Note also that in 2022, Symantec reported a series of attacks attributed to the APT41 group (Winnti), which hacked into Hong Kong government offices and in some cases went unnoticed for a year. During the attacks, the hackers used the Spyder Loader, which is their "business card": they had previously used it in other attacks.
