Compromising a government network is so simple, an out-of-the-box, dark web RAT can do it
It's a well-known fact that powerful malware can be bought on the dark web and used with relative ease.
A new report from Cisco's Talos cybersecurity research team illustrates just how dangerous out-of-the-box remote access trojan malware can be: A campaign it has dubbed "Armor Piercer" has been attacking the Indian government since December 2020.
On the other hand, the report pointed to something that suggests a skilled APT may not be behind the Armor Piercer campaign: "Two commercial and commodity RAT families known as NetwireRAT and WarzoneRAT" were found to be behind the attacks against the government and military of India.
"Unlike many crimeware and APT attacks, this campaign uses relatively simple, straightforward infection chains. The attackers have not developed bespoke malware or infrastructure management scripts to carry out their attacks, but the use of pre-baked artifacts doesn't diminish the lethality," Talos said in its report.
The final goal of the installer is to drop a RAT on the system that can maintain access, allow further penetration into a network and exfiltrate data.
WarzoneRAT makes its case in an impressive rundown of its features, pulled from a dark web ad and available in the Talos report linked above.