Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer (Security News, June 2023)
A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer.
Bitdefender said all the machines infected over the course of the incident were manufactured by Dell, suggesting that the threat actors deliberately chose this folder to camouflage the malicious activity.
"This highlights the fact that threat actors actively seek credentials and saved connections to other systems," Bitdefender's Marin Zugec said in a second analysis.
What's more, the connecting RDP clients are infected with another Golang-based custom malware known as Logutil to maintain a persistent foothold on the victim network using DLL side-loading techniques and facilitate command execution.
Not much is known about the threat actor other than the fact that it has been active dating back to at least 2020.
"This attack serves as a testament to the increasing sophistication of modern cyber attacks, but also underscores the fact that threat actors can leverage their newfound sophistication to exploit older, widely adopted technologies."
News URL
https://thehackernews.com/2023/06/experts-uncover-year-long-cyber-attack.html