Friday, March 29, 2024

Operation Red Deer: cyber spies attack Israeli organizations


Israel Post's branding was used as a link in an AsyncRAT Trojan infection chain.

Specialists at Perception Point discovered a phishing campaign targeting Israeli organizations across various industries, in which the attackers deploy the AsyncRAT remote access trojan.

The operation was named Red Deer because the hackers spoofed the email address of Israel Post, whose logo is a red deer. The attack begins with a phishing email purporting to come from Israel Post, carrying an HTML attachment that, when opened, downloads an ISO image (a technique known as HTML smuggling). Notably, the HTML file is styled to match Israel Post's branding.

The ISO image contains an obfuscated VBS script that executes 3losh RAT, a modified version of the AsyncRAT remote administration trojan.
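The HTML smuggling stage described above leaves recognisable traces in the attachment itself. The following triage script is an added example (not Perception Point's tooling or anything from the article) that scans an HTML attachment for the browser APIs and artifacts that stage relies on; the two sample documents are constructed, and the encoded blob is a placeholder string, not a payload.

```python
import re

# Indicator patterns for the HTML smuggling stage described above: the
# attachment carries an encoded blob inline and uses browser APIs to write it
# to disk under a chosen filename (an .iso in this campaign).
INDICATORS = {
    "inline_decode": re.compile(r"\batob\s*\(|fromCharCode|Uint8Array", re.I),
    "blob_build": re.compile(r"new\s+Blob\s*\(", re.I),
    "object_url": re.compile(r"URL\.createObjectURL|msSaveOrOpenBlob", re.I),
    "forced_download": re.compile(r"\.download\s*=|<a[^>]+\bdownload\b", re.I),
    "iso_filename": re.compile(r"""['"][^'"]*\.iso['"]""", re.I),
    "large_base64": re.compile(r"[A-Za-z0-9+/]{300,}={0,2}"),
    "brand_lure": re.compile(r"israel\s*post", re.I),
}
# Decode + blob build + forced download is the core of the technique; the
# remaining indicators only raise the triage score.
CORE = {"inline_decode", "blob_build", "forced_download"}

def scan_html_attachment(html: str) -> dict:
    """Return indicator hits, a triage score and a verdict for one HTML body."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(html))
    return {"hits": hits, "score": len(hits), "likely_smuggling": CORE <= set(hits)}

# Constructed sample attachment mirroring the chain in the article (the blob is
# a placeholder string, not a payload), and a benign notice for comparison.
SAMPLE_SMUGGLING_HTML = f"""<html><body><h1>Israel Post - delivery notice</h1>
<script>
var b64 = "{'QUFB' * 100}";
var blob = new Blob([Uint8Array.from(atob(b64), c => c.charCodeAt(0))],
                    {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "delivery_notice.iso";
</script></body></html>"""

SAMPLE_BENIGN_HTML = """<html><body><h1>Delivery notice</h1>
<p>Your parcel is on its way.</p>
<script>document.title = "Delivery notice";</script></body></html>"""

if __name__ == "__main__":
    for label, doc in (("smuggling", SAMPLE_SMUGGLING_HTML), ("benign", SAMPLE_BENIGN_HTML)):
        print(label, scan_html_attachment(doc))
```

The patterns are a heuristic for mail-gateway or sandbox triage, not a substitute for detonating the attachment; obfuscated scripts that split the API names will need deobfuscation first.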

Based on the TTPs and the infection chain, experts suggested that Operation Red Deer is the work of the Aggah group from Pakistan. Aggah specializes in attacks on government and corporate websites in the US and Europe. The hackers also engage in extortion, blackmail and data theft. Aggah was formed in 2020 from members of other hacker groups such as Killnet and DarkSide.

The AsyncRAT Trojan is a Remote Access Trojan (RAT) that allows attackers to remotely control computers on an infected network.

AsyncRAT has many features such as:

  • keystroke logging;
  • audio/video recording;
  • data exfiltration;
  • remote desktop management;
  • password recovery;
  • launching a remote shell;
  • payload delivery.

AsyncRAT has been used by various hacker groups in past malware campaigns. For example, the Chinese APT group BackdoorDiplomacy conducted a cyber-espionage campaign against a telecommunications firm in the Middle East. The attacks used several malicious tools, including the AsyncRAT Trojan.

Also, in 2022 cybercriminals created an entire project to promote a fake P2E (play-to-earn) game called Cthulhu World, which distributed the Raccoon Stealer, AsyncRAT and RedLine malware to steal victims' passwords.



Source: www.securitylab.ru
