Russian organizations attacked with new Woody RAT malware

Unknown attackers are targeting Russian entities with newly discovered malware that allows them to remotely control compromised devices and steal information from them.
According to Malwarebytes, one of the Russian organizations that were attacked using this malware is a government-controlled defense corporation.
"Based on a fake domain registered by the threat actors, we know that they tried to target a Russian aerospace and defense entity known as OAK," the Malwarebytes Labs researchers said.
"The earliest versions of this RAT were typically archived into a zip file pretending to be a document specific to a Russian group," the researchers added.
Once launched on a compromised device, the malware uses process hollowing to inject itself into a suspended Notepad process, deletes itself from disk to evade detection by security products, and resumes the thread. The RAT encrypts its C2 communication channels using a combination of RSA-4096 and AES-CBC to elude network-based monitoring.
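An added example (not from Malwarebytes or the original article) of how a defender could correlate the behaviour chain described above in endpoint telemetry: it flags a notepad.exe process that makes a network connection after its parent's image file was deleted from disk. The event schema, paths, PIDs and address are constructed for illustration and do not correspond to a real EDR format.

```python
# Constructed telemetry in a simplified, hypothetical schema (not a real EDR format).
EVENTS = [
    {"t": 1, "type": "process_create", "pid": 4100, "parent_pid": 900,
     "image": r"C:\Users\a\Downloads\doc.exe"},
    {"t": 2, "type": "process_create", "pid": 4200, "parent_pid": 4100,
     "image": r"C:\Windows\System32\notepad.exe"},
    {"t": 3, "type": "file_delete", "path": r"C:\Users\a\Downloads\doc.exe"},
    {"t": 4, "type": "net_connect", "pid": 4200, "dest": "203.0.113.10:443"},
    # Benign case: Notepad started from Explorer, nothing deleted, no network use.
    {"t": 5, "type": "process_create", "pid": 5000, "parent_pid": 800,
     "image": r"C:\Windows\explorer.exe"},
    {"t": 6, "type": "process_create", "pid": 5100, "parent_pid": 5000,
     "image": r"C:\Windows\System32\notepad.exe"},
]


def find_hollowing_candidates(events, host="notepad.exe"):
    """Flag `host` processes that connect out after their parent image was deleted.

    Correlates three signals from the article's description: a Notepad child
    process, the launcher removing itself from disk, and later network traffic
    from that Notepad process. PID reuse is ignored for brevity.
    """
    images = {}    # pid -> image path
    children = {}  # host pid -> (parent image path, creation time)
    deleted = {}   # lower-cased file path -> deletion time
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "process_create":
            images[ev["pid"]] = ev["image"]
            if ev["image"].lower().endswith("\\" + host):
                children[ev["pid"]] = (images.get(ev["parent_pid"]), ev["t"])
        elif ev["type"] == "file_delete":
            deleted[ev["path"].lower()] = ev["t"]
        elif ev["type"] == "net_connect" and ev["pid"] in children:
            parent, created = children[ev["pid"]]
            # Parent image must have been deleted after the child was spawned.
            if parent and deleted.get(parent.lower(), -1) > created:
                alerts.append({"pid": ev["pid"], "parent_image": parent,
                               "dest": ev["dest"]})
    return alerts


if __name__ == "__main__":
    for alert in find_hollowing_candidates(EVENTS):
        print("suspicious:", alert)
```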
Malwarebytes has yet to attribute the malware and the attacks to a known threat group but said that a very short list of possible suspects includes Chinese and North Korean APTs.