Russian organizations attacked with new Woody RAT malware (Security News, August 2022)
Unknown attackers are targeting Russian entities with a newly discovered malware that lets them remotely control compromised devices and steal information from them.
According to Malwarebytes, one of the Russian organizations attacked with this malware is a government-controlled defense corporation.
"Based on a fake domain registered by the threat actors, we know that they tried to target a Russian aerospace and defense entity known as OAK," the Malwarebytes Labs researchers said.
"The earliest versions of this RAT were typically archived into a zip file pretending to be a document specific to a Russian group," the researchers added.
Once launched on a compromised device, the malware uses process hollowing to inject itself into a suspended Notepad process, deletes itself from disk to evade detection by security products, and then resumes the thread. The RAT encrypts its C2 communication channels using a combination of RSA-4096 and AES-CBC to elude network-based monitoring.
Malwarebytes has yet to attribute the malware and the attacks to a known threat group, but said that a very short list of possible suspects includes Chinese and North Korean APTs.