PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict
2020-10-07 13:25

A new iteration of the PoetRAT spyware, sporting improvements to operational security, code efficiency and obfuscation, is making the rounds in Azerbaijan, targeting the public sector and other key organizations as the country's conflict with Armenia over disputed territory intensifies.

This time around, the attacks use Microsoft Word documents purporting to be from the Azerbaijan government - complete with the National Emblem of Azerbaijan in the top corners - to install PoetRAT in two separate files on victims' machines, according to researchers Warren Mercer, Paul Rascagneres and Vitor Ventura.

"Previous versions of PoetRAT deployed a Python interpreter to execute the included source code, which resulted in a much larger file size compared to the latest version's switch to Lua script," they said.

Cisco Talos researchers first discovered PoetRAT in April in attacks against energy companies in Azerbaijan that included post-exploitation tools to log keystrokes, record footage from webcams and steal browser credentials.

Researchers believe the rising conflict between Azerbaijan and Armenia is most likely to blame for the new attacks, according to the post.


News URL

https://threatpost.com/poetrat-resurfaces-azerbaijan-conflict/159917/