Nation-State RAT Attack Vectors Get Smarter


Recommended Posts

A more sophisticated technique for deploying remote access trojans (RATs) has been observed, used by a handful of countries across Asia.


According to SentinelOne analysis, nation-state attackers have been successfully deploying RATs for years to remotely control user systems—giving them full access to the victim’s files or resources such as cameras, recording keystrokes or downloading further malware. Traditionally, RATs have been deployed when a user opens an email attachment, or downloads a file from a website or peer-to-peer network. In both cases, these vectors involve use of files to deliver the payload—which are easier to detect.

The new technique ensures that the payload/file remains in memory through its execution, never touching the disk in a decrypted state.


“In doing so, the attacker can remain out of view from antivirus technologies, and even ‘next-generation’ technologies that only focus on file-based threat vectors,” said SentinelOne. “Also, the samples analyzed have the ability to detect the presence of a virtual machine to ensure it’s not being analyzed in a network sandbox.”

The technique can be used to deliver any known RAT to a victim’s system.


Earlier in the year, a multi-pronged attack campaign involving various government websites and non-governmental organizations in Asia was uncovered, using a RAT named ‘Trochilus.’ That campaign was driven by East Asian threat actors.


In 2015, the PlugX and EvilGrab malware were targeting government websites in Asia, using watering-hole methods involving websites operated by the government of Myanmar and associated with recent elections. Arbor Networks also uncovered a seven-piece malware and RAT cluster, dubbed the “Seven Pointed Dagger,” which offers Asian threat actors a variety of capabilities, including espionage and the means to move laterally within target networks in order to achieve more strategic access.


Article source

A multi-pronged attack campaign involving various government websites and non-governmental organizations in Asia has been uncovered. At its heart is the recently-discovered remote access trojan (RAT) named ‘Trochilus.’

There are many RATs (remote access trojans / remote access tools) that use fileless malware; one of the popular ones is Poweliks, and I'm sure others are going to follow.
