Malwarebytes researchers discovered an unidentified malicious actor who has been victimizing Russian organizations with a brand new remote access trojan named Woody RAT for at least a year as part of a spear-phishing campaign.
The Malware was being delivered via two methods: archive files and Microsoft Office documents compromising the Follina Windows Flaw (CVE-2022-30190).
Like other state sponsors of cyber operations, Woody RAT facilitates a wide range of features that allows the group of threat actors to take full remote control of the system and steal important data from the infected systems.
The team said that the attackers mainly focused on Russian organizations based on a fake domain they have registered, Malwarebytes is well aware of the fact that the attackers tried to target a Russian aerospace and defense entity known as OAK.
“The earliest versions of this Rat were typically archived into a zip file pretending to be a document specific to a Russian group. When the Follina vulnerability became known to the world, the threat actor switched to it to distribute the payload, as identified by @MalwareHunterTeam.” states the report published by Malwarebytes.
As per the technical data, the RAT is advanced malware that is equipped
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: