A military-themed malware campaign targeting military and government organizations in South Asia unleashes “maldocs” that spread full remote-access trojan (RAT) capabilities.
The multistage attack chain, which began in 2018, infects endpoints with customized beacons and a modular dropper that Talos calls IndigoDrop, which in turn executes the final payloads, Cisco Talos reported in a blog post.
“This attack demonstrates how the adversary operates a targeted attack that uses legitimate-looking lures to trick the target into infecting themselves,” according to the post, which details the malware's capabilities and offers suggestions for guarding against such an attack. Campaign components include the use of both public and private servers, Microsoft Office, a Python module that steals credentials from the endpoint (browser credentials from Google Chrome, Microsoft Edge, Opera and Mozilla Firefox, as well as WiFi credentials), and bitly-shortened URLs.