Armenian Entities Hit by New Version of OxtaRAT Spying Tool
2023-02-17 12:47

Entities in Armenia have come under a cyber attack using an updated version of a backdoor called OxtaRAT that allows remote access and desktop surveillance.

"The tool capabilities include searching for and exfiltrating files from the infected machine, recording the video from the web camera and desktop, remotely controlling the compromised machine with TightVNC, installing a web shell, performing port scanning, and more," Check Point Research said in a report.

"The threat actors behind these attacks have been targeting human rights organizations, dissidents, and independent media in Azerbaijan for several years," the cybersecurity firm noted, calling the campaign Operation Silent Watch.

A polyglot file that combines a compiled AutoIT script and an image, OxtaRAT features commands that permit the threat actor to run additional commands and files, harvest sensitive information, perform reconnaissance and surveillance via a web camera, and even pivot to other.

OxtaRAT has been put to use by the adversary as far back as June 2021, albeit with significantly reduced functionality, indicating an attempt to constantly update its toolset and fashion it into a Swiss Army knife malware.

"The underlying threat actors have been maintaining the development of Auto-IT based malware for the last seven years, and are using it in surveillance campaigns whose targets are consistent with Azerbaijani interests."


News URL

https://thehackernews.com/2023/02/armenian-entities-hit-by-new-version-of.html