New custom RDStealer malware has been leveraged to facilitate a more than a year-long compromise of an IT firm in East Asia, The Hacker News reports.
Attackers have targeted the organization's Dell machines and stored RDStealer within the Program Files folder to evade detection, according to a Bitdefender report.
Aside from collecting clipboard contents and keystrokes, the Golang-based RDStealer malware also monitors Remote Desktop Protocol connections to support data exfiltration. The findings suggest persistent efforts by threat actors to obtain credentials and establish connections to other systems, noted a second Bitdefender report.
"Cybercriminals continually innovate and explore novel methods to enhance the reliability and stealthiness of their malicious activities. This attack serves as a testament to the increasing sophistication of modern cyberattacks, but also underscores the fact that threat actors can leverage their newfound sophistication to exploit older, widely adopted technologies," said Bitdefender researcher Marin Zugec, who authored the second report.
Organizations in the government, real estate, telecommunications, retail, and other sectors across the U.S., Africa, and the Middle East have been subjected to intrusions under the new CL-STA-0002 threat cluster.