Sunday, April 14, 2024

Experts have uncovered a long-term malicious operation against an IT company in East Asia, it lit up a new malware RDStealer


Dell has become an unwitting accomplice in the intruders’ disguise.


According to a recent report by the Romanian cybersecurity company Bitdefender, an unnamed East Asian IT company was the target of a sophisticated cyberattack. The operation, which lasted more than a year, involved malware called RDStealer, written in the Go programming language. The main goal of the attack was to compromise credentials and steal highly sensitive information from the victim company.

At the initial stage of the operation, the attackers used publicly available remote access trojans such as AsyncRAT and Cobalt Strike. They later switched to their own malware to better evade detection.

The attackers actively exploited security vulnerabilities in Microsoft Windows and stored their malicious modules in folders that antivirus programs usually exclude from scanning, such as System32 and Program Files.

One of the directories the hackers used is the path “C:\Program Files\Dell\CommandUpdate”, which belongs to Dell's legitimate software update application.

In addition, Bitdefender found that every computer infected during the incident was manufactured by Dell, so the choice of folder was deliberate and points to preparation by the attackers before the attack. Even a technically savvy employee who intentionally looks for malware on the system is unlikely to spot a payload placed this way.

RDStealer specializes in collecting clipboard data and keyboard input. However, its distinguishing feature is the ability to track incoming connections by RDP (Remote Desktop Protocol) and compromise the remote machine if client drive mapping is enabled.

The attackers also infected connected RDP clients with another specialized Go-based malware known as Logutil, allowing them to maintain a permanent presence on the victim’s network and facilitate the execution of malicious commands.
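As an added defender-side example that is not part of the article or of Bitdefender's report, the following PowerShell audits a Windows host for the conditions this attack relied on: whether RDP client drive redirection is left enabled, whether the Dell CommandUpdate folder named above is excluded from Microsoft Defender scanning, and whether every executable in it carries a valid Dell signature. It assumes it is run with administrative rights on a host with Microsoft Defender; the folder path comes from the article, and the policy value fDisableCdm is the registry setting behind the "Do not allow drive redirection" group policy.

```powershell
# Added audit script (not from the report). Run elevated on the host being checked.

# 1. RDP client drive redirection: the session host sees client drives as \\tsclient\<letter>
#    unless the policy "Do not allow drive redirection" (fDisableCdm = 1) is applied.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$cdm = (Get-ItemProperty -Path $policyKey -Name fDisableCdm -ErrorAction SilentlyContinue).fDisableCdm
if ($cdm -eq 1) {
    Write-Host '[OK]   RDP drive redirection is disabled by policy (fDisableCdm = 1).'
} else {
    Write-Host '[WARN] RDP drive redirection is not disabled by policy; connecting clients expose their drives to the session.'
}

# 2. Folder abused in the incident (path taken from the article).
$folder = 'C:\Program Files\Dell\CommandUpdate'

# Is the folder (or a parent) excluded from Defender scanning?
$exclusions = (Get-MpPreference -ErrorAction SilentlyContinue).ExclusionPath
$hit = $exclusions | Where-Object { $folder -like "$_*" }
if ($hit) {
    Write-Host "[WARN] Defender exclusion covers $folder : $($hit -join ', ')"
} else {
    Write-Host "[OK]   No Defender exclusion covers $folder."
}

# 3. Every .exe/.dll in the folder should carry a valid Authenticode signature from Dell.
if (Test-Path -Path $folder) {
    Get-ChildItem -Path $folder -Recurse -File -Include *.exe, *.dll | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        if ($sig.Status -ne 'Valid' -or $subject -notmatch 'O=Dell') {
            Write-Host ('[WARN] {0}  status={1}  signer={2}' -f $_.FullName, $sig.Status, $subject)
        }
    }
} else {
    Write-Host "[INFO] $folder is not present on this host."
}
```

Any file flagged in step 3 warrants a closer look (hash, creation time, parent process in EDR telemetry) rather than immediate deletion, since the vendor's own updater lives in the same folder.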

“Cybercriminals are constantly exploring new methods to increase the reliability and stealth of their malicious activities. This attack is evidence of the increasing sophistication of cybercriminal operations,” summed up Martin Zugec, a Bitdefender specialist.

Even IT companies are often powerless against professional hackers, so it is necessary to constantly raise the level of cybersecurity and employee awareness of possible threats. This is the only way to protect your data and reputation from undesirable consequences.



Source: www.securitylab.ru
