Compromising a government network is so simple, an out-of-the-box, dark web RAT can do it
September 2021
It's a well-known fact that powerful malware can be bought on the dark web and used with relative ease.
A new report from Cisco's Talos cybersecurity research team illustrates just how dangerous out-of-the-box remote access trojan malware can be: A campaign it has dubbed "Armor Piercer" has been attacking the Indian government since December 2020.
On the other hand, the report noted a detail that makes it seem that a skilled APT may not be behind the Armor Piercer campaign: "Two commercial and commodity RAT families known as NetwireRAT and WarzoneRAT" were found to be behind the attacks against the government and military of India.
"Unlike many crimeware and APT attacks, this campaign uses relatively simple, straightforward infection chains. The attackers have not developed bespoke malware or infrastructure management scripts to carry out their attacks, but the use of pre-baked artifacts doesn't diminish the lethality," Talos said in its report.
The final goal of the installer is to drop a RAT on the system that can maintain access, allow further penetration into a network and exfiltrate data.
WarzoneRAT makes its case in an impressive rundown of its features, pulled from a dark web ad and available in the Talos report linked above.