Security News > 2024 > January > Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months
A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains.
Microsoft security researcher Igal Lytzki spotted the attacks delivered over hijacked email threads last summer but couldn't retrieve the final payload. In September, AT&T's Alien Labs team of researchers noticed "a spike in phishing emails, targeting specific individuals in certain companies" and started to investigate.
"The victims and their companies are carefully selected to broaden the impact of the campaign. Some of the identified targets manage key infrastructure in the U.S." - AT&T Alien Labs.
AT&T Alien Labs determined that the threat actor used 300 unique samples of the loader in the past 11 months, each with minor alterations in the code structure, obfuscation, and variable names and values.
AT&T was able to decode the logic behind the domain generation system, and even predicted the domains that will be generated and assigned to the malware throughout January 2024.
The Alien Labs team provide a set of indicators of compromise along with signatures for the Suricata network analysis and threat detection software that companies can use to detect intrusions associated with this AsyncRAT campaign.
News URL
Related news
- New Tickler malware used to backdoor US govt, defense orgs (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)