Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer (Security News, June 2023)
A highly targeted cyber attack against an East Asian IT company involved the deployment of custom malware, written in Go, called RDStealer.
Bitdefender said the malware was staged in a Dell-branded folder, and that every machine infected over the course of the incident was manufactured by Dell, suggesting the threat actors deliberately chose that location to camouflage the malicious activity as vendor software.
"This highlights the fact that threat actors actively seek credentials and saved connections to other systems," Bitdefender's Marin Zugec said in a second analysis.
What's more, RDP clients that connect to a compromised host are in turn infected with another Go-based custom malware known as Logutil, which uses DLL side-loading to maintain a persistent foothold on the victim network and to facilitate command execution.
Not much is known about the threat actor other than that it has been active since at least 2020.
"This attack serves as a testament to the increasing sophistication of modern cyber attacks, but also underscores the fact that threat actors can leverage their newfound sophistication to exploit older, widely adopted technologies."
News URL
https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html
Related news
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
- Malware botnets exploit outdated D-Link routers in recent attacks
- Ivanti zero-day attacks infected devices with custom malware
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
- IPany VPN breached in supply-chain attack to push custom malware
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks