malware, remote access trojan, russia, microsoft

Unknown attackers target Russian entities with newly discovered malware that allows them to control and steal information from compromised devices remotely.

According to Malwarebytes, one of the Russian organizations that were attacked using this malware is a government-controlled defense corporation.

“Based on a fake domain registered by the threat actors, we know that they tried to target a Russian aerospace and defense entity known as OAK,” the Malwarebytes Labs researchers said.

Dubbed Woody Rat, this remote access trojan (RAT) has a wide range of capabilities and has been used in attacks for at least one year.

This malware is currently delivered onto targets’ computers via phishing emails through two distribution methods: ZIP archive files containing the malicious payload or “Information security memo” Microsoft Office documents that exploit the Follina vulnerability to drop the payloads.

“The earliest versions of this Rat were typically archived into a zip file pretending to be a document specific to a Russian group,” the researchers added.

“When the Follina vulnerability became known to the world, the threat actor switched to it to distribute the payload, as identified by MalwareHunterTeam.”


Woody Rat distribution vectors (Malwarebytes LABS)

Its list of features includes collecting system information, listing folders and running processes, executing commands and files received from its command-and-control (C2) server, downloading, uploading, and deleting files on infected machines, and taking screenshots.

Woody Rat can also execute .NET code and PowerShell commands and scripts received from its C2 server using two DLLs named WoodySharpExecutor and WoodyPowerSession.

Once launched on a compromised device, the malware uses process hollowing to inject itself into a suspended Notepad process, deletes itself from the disk to evade detection from security products, and resumes the thread.
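The execution chain just described (spawn Notepad, delete the launcher's own file, resume a thread in the child) is something a defender can correlate in endpoint telemetry. The following is an added detection sketch, not code from Malwarebytes or the article; the events are constructed in a simplified Sysmon-like shape and the field names are assumptions.

```python
"""Correlate the three steps of the launch chain described above:
a process starts notepad.exe, its own image file is then deleted, and
a remote thread is created in the Notepad process.

Added example, not the researchers' code. Events are constructed here
in a simplified Sysmon-like shape (eid 1 = process create, 23 = file
delete, 8 = create remote thread); field names are assumptions.
"""
from collections import defaultdict

# Constructed sample telemetry, not real log data.
EVENTS = [
    {"t": 100, "eid": 1, "pid": 4000, "ppid": 3000, "image": r"C:\Users\u\memo.exe"},
    {"t": 101, "eid": 1, "pid": 4100, "ppid": 4000, "image": r"C:\Windows\System32\notepad.exe"},
    {"t": 102, "eid": 23, "pid": 4000, "target": r"C:\Users\u\memo.exe"},
    {"t": 103, "eid": 8, "pid": 4000, "target_pid": 4100},
    # Benign: Explorer opens Notepad and nothing else happens.
    {"t": 200, "eid": 1, "pid": 5100, "ppid": 2000, "image": r"C:\Windows\System32\notepad.exe"},
]


def find_hollowing_chains(events, window=30):
    """Return (launcher_pid, notepad_pid) pairs where, within `window`
    seconds of spawning notepad.exe, the launcher deleted its own image
    and injected a thread into that child. All three steps are required,
    so a plain Notepad launch never matches."""
    image_of = {}                          # pid -> image path seen at creation
    notepad_children = defaultdict(list)   # launcher pid -> [(t, child pid)]
    deleted_self = {}                      # launcher pid -> time its image was deleted
    injected = set()                       # (launcher pid, child pid)
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["eid"] == 1:
            image_of[ev["pid"]] = ev["image"]
            if ev["image"].lower().endswith("\\notepad.exe"):
                notepad_children[ev["ppid"]].append((ev["t"], ev["pid"]))
        elif ev["eid"] == 23 and image_of.get(ev["pid"], "").lower() == ev["target"].lower():
            deleted_self[ev["pid"]] = ev["t"]   # process removed its own executable
        elif ev["eid"] == 8:
            injected.add((ev["pid"], ev["target_pid"]))
    hits = []
    for launcher, children in notepad_children.items():
        for t0, child in children:
            if (launcher in deleted_self and abs(deleted_self[launcher] - t0) <= window
                    and (launcher, child) in injected):
                hits.append((launcher, child))
    return hits
```

Requiring all three steps keeps ordinary Notepad launches out of the result; dropping any one condition would make the rule noisy.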

The RAT encrypts its C2 communication channels using a combination of RSA-4096 and AES-CBC to elude network-based monitoring.

Malwarebytes has yet to attribute the malware and the attacks to a known threat group, but said that a very short list of possible suspects includes Chinese and North Korean APTs.

“This very capable Rat falls into the category of unknown threat actors we track. Historically, Chinese APTs such as Tonto team as well as North Korea with Konni have targeted Russia,” the researchers concluded.

“However, based on what we were able to collect, there weren’t any solid indicators to attribute this campaign to a specific threat actor.”

This aligns with recent findings from several other vendors who also spotted Chinese hacking groups targeting Russian officials, government agencies and entities, and aerospace firms.
