Trochilus, PlugX RATs in Targeted Attacks Against Governments

New types of RATs, or remote access Trojans, appear more frequently than ever. Such Trojans are typically employed in targeted attacks against companies, organizations and governments. One of the latest RATs, discovered by the Arbor Security Engineering & Response Team (ASERT) at Arbor Networks, has started malicious campaigns in South-East Asia. A similar RAT was previously detected in an attack against the government of Myanmar. The hacking team behind those attacks has been identified by Cisco’s Talos Group as Group 27.


How was the attack carried out?

Watering hole attacks were performed on the government’s official websites. As a result, users visiting the pages to access information on upcoming elections were infected with PlugX, a well-known RAT used in multiple attacks throughout 2015.

The fact that the attacks against Myanmar’s government were disclosed hasn’t stopped Group 27. According to the latest reports by Arbor’s Security Engineering & Response Team (ASERT), a new remote access Trojan associated with the group’s activities has been released. At the time of analysis, the new RAT remained undetected by most antivirus vendors, which indicates that this new piece, crafted for cyber espionage, is quite sophisticated. It has been dubbed Trochilus.

What is specific about Trochilus?

The latest Group 27 RAT includes a total of six malware strains, combined in different variations according to the data targeted by the criminals.

ASERT experts named the whole collection of malware the Seven Pointed Dagger. It consists of:

  • Two Trochilus RAT versions;
  • A version of the 3012 variant of the 9002 RAT;
  • An EvilGrab RAT version;
  • One unknown piece of malware yet to be identified.

Security analysts believe that Group 27 didn’t care much about the fact that their initial cyber espionage campaign was detected. Moreover, the group continued infecting victims via the very same entry point: the Myanmar Election Commission website.

Trochilus RAT source code uploaded on GitHub

Although the RAT was designed to execute in the memory of the machine (thus evading detection by AV software), ASERT researchers obtained the RAT’s source code and connected it to the GitHub profile of a user named 5loyd.

On the GitHub page, the RAT has been advertised as a fast and free Windows remote administration tool. Other details include:

  • Written in C++;
  • Supports various communication protocols;
  • Has a file manager module, a remote shell, a non-UAC mode;
  • Able to uninstall itself;
  • Able to upload information from remote machines;
  • Able to download and execute files.

Researchers believe that 5loyd is not part of Group 27. More likely, the user’s profile has been hijacked by the group and used for their own purposes.


Milena Dimitrova
