Russian organizations attacked with new Woody RAT malware
2022-08-03 22:35

Unknown attackers are targeting Russian entities with newly discovered malware that lets them remotely control compromised devices and steal information from them.

According to Malwarebytes, one of the Russian organizations that were attacked using this malware is a government-controlled defense corporation.

"Based on a fake domain registered by the threat actors, we know that they tried to target a Russian aerospace and defense entity known as OAK," the Malwarebytes Labs researchers said.

"The earliest versions of this RAT were typically archived into a zip file pretending to be a document specific to a Russian group," the researchers added.

Once launched on a compromised device, the malware uses process hollowing to inject itself into a suspended Notepad process, deletes itself from the disk to evade detection by security products, and resumes the thread. The RAT encrypts its C2 communication channels using a combination of RSA-4096 and AES-CBC to elude network-based monitoring.
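One way to hunt for the behaviour described above, added here as an example and not taken from Malwarebytes or the original article: correlate a Notepad process whose parent executable is deleted from disk shortly after launch with outbound connections from that Notepad process. The event schema, field names, paths, PIDs, the address and the 60-second window are assumptions constructed for illustration, and PID reuse is ignored.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the report); field names are assumptions.
EVENTS = [
    {"ts": "2022-08-03T10:00:00", "type": "process_create", "pid": 4120,
     "parent_pid": 900, "image": r"C:\Users\a\Downloads\doc.exe"},
    {"ts": "2022-08-03T10:00:02", "type": "process_create", "pid": 4188,
     "parent_pid": 4120, "image": r"C:\Windows\System32\notepad.exe"},
    {"ts": "2022-08-03T10:00:03", "type": "file_delete", "pid": 4120,
     "path": r"C:\Users\a\Downloads\doc.exe"},
    {"ts": "2022-08-03T10:00:09", "type": "network_connect", "pid": 4188,
     "dest": "203.0.113.10:443"},
    # Benign control: Notepad started from Explorer, no deletion, no network.
    {"ts": "2022-08-03T11:00:00", "type": "process_create", "pid": 5000,
     "parent_pid": 1, "image": r"C:\Windows\explorer.exe"},
    {"ts": "2022-08-03T11:00:05", "type": "process_create", "pid": 5050,
     "parent_pid": 5000, "image": r"C:\Windows\System32\notepad.exe"},
]

def find_hollowing_candidates(events, window=timedelta(seconds=60)):
    """Flag Notepad processes whose parent image was deleted soon after
    launch and which also made outbound connections."""
    images, notepads, deleted, conns = {}, {}, {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "process_create":
            images[ev["pid"]] = ev["image"]
            if ev["image"].lower().endswith("\\notepad.exe"):
                notepads[ev["pid"]] = (images.get(ev["parent_pid"]), ts)
        elif ev["type"] == "file_delete":
            deleted.setdefault(ev["path"].lower(), []).append(ts)
        elif ev["type"] == "network_connect":
            conns.setdefault(ev["pid"], []).append(ev["dest"])
    findings = {}
    for pid, (parent, started) in notepads.items():
        if parent is None or pid not in conns:
            continue
        # Parent executable removed from disk shortly after Notepad started.
        if any(started <= t <= started + window
               for t in deleted.get(parent.lower(), [])):
            findings[pid] = {"parent_image": parent, "destinations": conns[pid]}
    return findings

if __name__ == "__main__":
    for pid, hit in find_hollowing_candidates(EVENTS).items():
        print(pid, hit)
```

Because the C2 traffic is encrypted, the correlation relies on host telemetry (process lineage, file deletion, the fact of a connection) rather than on payload inspection.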

Malwarebytes has yet to attribute the malware and the attacks to a known threat group but said that a very short list of possible suspects includes Chinese and North Korean APTs.


News URL

https://www.bleepingcomputer.com/news/security/russian-organizations-attacked-with-new-woody-rat-malware/