Compromising a government network is so simple, an out-of-the-box, dark web RAT can do it
It's a well-known fact that powerful malware can be bought on the dark web and used with relative ease.
A new report from Cisco's Talos cybersecurity research team illustrates just how dangerous out-of-the-box remote access trojan malware can be: A campaign it has dubbed "Armor Piercer" has been attacking the Indian government since December 2020.
On the other hand, the report pointed to something that makes it seem a skilled APT may not be behind the Armor Piercer campaign: "Two commercial and commodity RAT families known as NetwireRAT and WarzoneRAT" were found to be behind the attacks against the government and military of India.
"Unlike many crimeware and APT attacks, this campaign uses relatively simple, straightforward infection chains. The attackers have not developed bespoke malware or infrastructure management scripts to carry out their attacks, but the use of pre-baked artifacts doesn't diminish the lethality," Talos said in its report.
The final goal of the installer is to drop a RAT on the system that can maintain access, allow further penetration into a network and exfiltrate data.
WarzoneRAT makes its case in an impressive rundown of its features, pulled from a dark web ad and available in the Talos report linked above.