Security News > 2020 > October > DoD, DHS Warn of Attacks Involving SLOTHFULMEDIA Malware
The U.S. Department of Defense's Cyber National Mission Force and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency last week published a malware analysis report for what they described as a new malware variant named SLOTHFULMEDIA. SLOTHFULMEDIA is described as a dropper that deploys two files when executed, including a RAT designed to allow hackers to control compromised devices, and a component that removes the dropper once the RAT achieves persistence on the targeted computer.
The U.S. government's malware analysis report includes technical details about how the malware works, indicators of compromise and recommendations for securing systems against such threats.
It's not uncommon for these types of malware analysis reports made public by U.S. agencies to include information about the threat actor believed to be behind the attacks, including if it's a nation-state actor.
CISA and CNMF say the malware has been used in attacks launched by a sophisticated threat actor against entities in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia, and Ukraine.
A sample of the malware was also made available on VirusTotal by the U.S Cyber Command, which regularly posts samples of malware linked to foreign threat actors.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)