
Global cyberespionage campaign deployed by LilacSquid


U.S.-based IT software providers for the industrial and research sectors, European energy firms, and Asian pharmaceutical entities have been targeted in data exfiltration attacks by the advanced persistent threat group LilacSquid as part of a cyberespionage campaign that commenced in 2021, according to The Hacker News.

Intrusions involved the exploitation of known software vulnerabilities and the use of compromised remote desktop protocol (RDP) credentials, after which attackers launched either the MeshAgent open-source remote management tool or InkLoader to deliver the PurpleInk malware, a customized version of the QuasarRAT trojan, according to a report from Cisco Talos.

Beyond executing new applications and performing file operations, PurpleInk can deploy a remote shell, enumerate directories and processes, gather system information, and communicate with command-and-control servers, researchers said. They also noted overlaps in tactics and tooling between LilacSquid and Andariel, a sub-cluster of the Lazarus Group, including the use of MeshAgent and Secure Socket Funneling.
