Over the course of the last 11 months, a threat group has actively engaged in a phishing campaign targeting employees across various companies, distributing an open-source trojan program named AsyncRAT. The victims of this campaign notably include companies responsible for managing critical infrastructure in the United States.
The cybersecurity division of AT&T, known as Alien Labs, has reported that the attackers employ a domain generation algorithm (DGA) within their command-and-control (C&C) infrastructure. This technique helps them rotate through a large number of domains, making it challenging to block traffic. In an effort to evade detection, the threat actors continually generate new samples of the malicious tool. Researchers have identified over 300 samples and 100 domains associated with this particular campaign.
AsyncRAT, an open-source remote access tool released in 2019 and still available on GitHub, serves as the attackers’ weapon of choice. As a remote access trojan (RAT), AsyncRAT offers features such as keylogging, exfiltration techniques, and initial access staging for delivering the final payload.
It’s not uncommon for even sophisticated threat actors to utilize open-source malware frameworks, providing advantages such as low development costs and plausible deniability. Interestingly, AsyncRAT had been previously employed in 2022 by an APT group known as Earth Berberoka or GamblingPuppet, as tracked by security
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: