Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks
A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases.
"The group has developed customized versions of three older remote access trojans, including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.
It's worth pointing out that all three backdoors are primarily associated with Chinese threat actors such as Stone Panda, Aurora Panda, Emissary Panda, and Judgement Panda, among others, although they have also been put to use by other hacking groups.
Symantec said the Webworm threat actor exhibits tactical overlaps with another new adversarial collective documented by Positive Technologies earlier this May as Space Pirates, which was found striking entities in the Russian aerospace industry with novel malware.
Space Pirates, for its part, intersects with previously identified Chinese espionage activity known as Wicked Panda, Mustang Panda, Dagger Panda, Colorful Panda, and Night Dragon owing to the shared usage of post-exploitation modular RATs such as PlugX and ShadowPad. Other tools in its malware arsenal include Zupdax, Deed RAT, a modified version of Gh0st RAT known as BH A006, and MyKLoadClient.
Attack chains involve the use of dropper malware that harbors a loader designed to launch modified versions of Trochilus, Gh0st, and 9002 remote access trojans.
News URL
https://thehackernews.com/2022/09/webworm-hackers-using-modified-rats-in.html