Remote Access Trojans (RATs) are hitting organizations across the world hard, leaving gaping holes in critical assets and infrastructure. More worrying still, threat actors have started updating their arsenals with multiple RATs to run devastating cyberespionage campaigns.

What’s the scenario?

Cybercriminals are always hungry for more corporate accounts, data, and funds that can later be used for further attacks. One effective way to get them is to infect victims' systems with RATs. Notable attacks observed lately include:
  • An attack campaign against aviation targets that distributed RevengeRAT or AsyncRAT payloads. The RATs were dropped via a sophisticated crypter-as-a-service called Snip3 and were used to harvest screenshots, keystrokes, credentials, webcam feeds, browser data, and clipboard contents.
  • A series of attacks attributed to the China-based RedFoxtrot APT group, which used the PlugX and Poison Ivy RATs among other malware. The attacks date back to 2014 and appear to have focused on gathering defense information from neighboring countries.
  • Continuous campaigns by SideCopy, which mainly targets Indian government entities. The group was found to have expanded its arsenal with several RATs, including custom ones such as CetaRAT, DetaRAT, ReverseRAT, MargulasRAT, and ActionRAT, alongside the widely available AllaKore RAT and njRAT.
  • A year-long cyberespionage campaign against companies in the oil and gas sector, in which threat actors delivered Agent Tesla together with the AZORult, FormBook, and Loki information stealers to pilfer sensitive data from infected machines.

The spear-phishing attack vector

  • All of these campaigns were launched via spear-phishing emails carrying specially crafted messages and other social engineering lures.
  • Although spear-phishing is an old-school tactic, cybercriminals still rely on it because it works: a convincing email and one click are all it takes to get a RAT onto a target machine.

Some concerning aspects

Attackers can get more out of RATs than stolen data. While pilfering confidential data remains the primary objective, RATs have also been used to enlist infected machines in DDoS attacks. Moreover, with the growing popularity of Bitcoin and other cryptocurrencies, attackers have started using RATs to turn infected devices into cryptocurrency miners.

Cyware Publisher