Researchers have found a cyber-attacker group tracked as ‘Webworm’ building customized versions of older remote access Trojans (RATs) for new attacks. According to a report from Broadcom Software’s Symantec, the group, which Symantec links to the actor known as Space Pirates, created its own variants of Trochilus, Gh0st RAT and 9002 RAT.
These RATs were reported in attacks between 2008 and 2018, including cyber espionage campaigns. Symantec’s researchers linked the techniques adopted by Webworm to those of the hacking group Space Pirates, whose attacks have targeted government agencies, IT service providers, and the aerospace and electric power industries in countries including Georgia, Mongolia, Russia and several other Asian countries.
Experts suggest that reusing older malware helps attackers stay undetected to some extent and reduces the cost and time of developing new tools. Because such tools have passed through the hands of many groups, it also complicates attribution.
According to the report, Webworm used versions of Trochilus RAT, 9002 RAT and Gh0st RAT. The droppers observed in the attacks were found to deliver both modified and older versions of these RATs. The modifications were designed to evade detection: for example, one 9002 RAT variant had its communication protocol altered, including the encryption it uses.
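The detection point above, as an added example that is not part of the report and does not reproduce any of the RATs’ real code: a hypothetical beacon format (4-byte header, length field, payload, repeating-key XOR) shows why re-keying the traffic defeats a static byte signature while a structure-aware, known-plaintext check still fires, and why a genuine protocol change defeats both. The header, keys and payload are all constructed for illustration.

```python
"""Why re-keying a RAT's C2 traffic defeats byte signatures but not a
structure-aware check, and why a real protocol change defeats both.

Everything here is constructed for illustration: the beacon layout,
the key values and the sample payload are hypothetical and are not the
real 9002 RAT protocol."""
import struct
from itertools import cycle

MAGIC = b"RATX"  # hypothetical 4-byte header every beacon starts with


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def build_beacon(payload: bytes, key: bytes, magic: bytes = MAGIC) -> bytes:
    """Plaintext = magic + big-endian payload length + payload, then XOR-keyed."""
    plain = magic + struct.pack(">I", len(payload)) + payload
    return xor_bytes(plain, key)


LEGACY_KEY = b"\x55"                        # what the "old" sample used
LEGACY_SIG = xor_bytes(MAGIC, LEGACY_KEY)   # the bytes a static signature carries


def signature_match(packet: bytes) -> bool:
    """Static byte signature: only fires on traffic keyed exactly like the old sample."""
    return packet.startswith(LEGACY_SIG)


def structural_match(packet: bytes, key_len: int = 4) -> bool:
    """Known-plaintext check.  Recover a repeating key of key_len bytes from the
    position where MAGIC must sit, decode, and require the length field to agree
    with the packet size.  A single-byte key is just a repeating 4-byte key, so
    the same check covers the old sample and any re-keyed variant."""
    if len(packet) < len(MAGIC) + 4:
        return False
    key = xor_bytes(packet[:key_len], MAGIC[:key_len])
    plain = xor_bytes(packet, key)
    (declared_len,) = struct.unpack(">I", plain[4:8])
    return plain[:4] == MAGIC and declared_len == len(packet) - 8


# Constructed samples: one legacy beacon, one re-keyed variant, one variant whose
# header was redesigned (modelling a changed protocol rather than a changed key),
# and 16 zero bytes as non-beacon noise.
PAYLOAD = b"host=ws01;user=alice"
SAMPLES = {
    "legacy":     build_beacon(PAYLOAD, LEGACY_KEY),
    "rekeyed":    build_beacon(PAYLOAD, b"\xde\xad\xbe\xef"),
    "redesigned": build_beacon(PAYLOAD, b"\xde\xad\xbe\xef", magic=b"PING"),
    "noise":      bytes(16),
}


def triage(samples: dict) -> dict:
    """Map sample name -> (signature hit, structural hit)."""
    return {name: (signature_match(p), structural_match(p)) for name, p in samples.items()}


if __name__ == "__main__":
    for name, (sig, struc) in triage(SAMPLES).items():
        print(f"{name:11s} signature={sig!s:5s} structural={struc}")
```

The signature catches only the legacy sample. The structural check also catches the re-keyed sample because it recovers whatever key was used from the fixed header position and then validates the length field, so swapping keys costs the attacker nothing. The redesigned sample escapes both, which is the situation the report describes: once the protocol itself changes, detection content has to be rebuilt from fresh samples rather than tuned.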
Trochilus RAT was first detected in 2015 and is available on GitHub, a code hosting platform. Used in multiple cyber-attacks by several groups, Trochilus RAT offers remote uninstall, a file manager, and the ability to download, upload and execute files.
9002 RAT has been reported in use by state-sponsored attackers since 2009 and can exfiltrate large amounts of data. Its presence further supports Symantec’s finding that the current samples are linked to the RATs used in earlier attacks.
Gh0st RAT has been in use since 2008 and has been used by several advanced persistent threat (APT) groups, including in the cyber espionage operation known as GhostNet.