Channel: Seculert Blog on Advanced Threats and Cyber Security » RAT

APT Xtreme RAT Campaign Infesting Enterprises Again


Network security professionals are being warned to get their APT traps primed and ready, now that the remote access trojan (RAT) known as Xtreme RAT is on the loose again – this time, targeting victims primarily in the US and Europe.

This isn’t the first time that we’ve seen an Xtreme RAT infestation. Back in January, the experts in Seculert’s Research Lab identified this nasty malware associated with an APT campaign designed to attack Israeli organizations, including government offices.

The current APT campaign, which according to early reports delivered its payload between April 29 and May 27, used fake Microsoft digital certificates to send emails to employees in a number of organizations, including the BBC, an as-yet-unnamed US financial institution, and government offices in Israel, Turkey, the US, the UK, New Zealand, Macedonia, Latvia, and Slovenia.

The phony emails claimed to include documents related to current conflicts in the Middle East, but in fact contained RAR-encrypted attachments that, once downloaded, infected victims with RAT freeware and allowed the bad actors behind it — a group known as “Molerats” — to steal passwords and capture desktop images.

Like many APT campaigns, the bad actors here are once again exploiting what is typically the weakest link in a network defense system: its people. As such, enterprises are urged to educate their employees on the dangers of downloading questionable attachments, visiting unfamiliar websites, or even sharing what seems like basic information over the phone.

However, even with a 99% prevention rate, it only takes one blind spot for APTs and other advanced malware to deliver their payload and lead to a full-scale infection that can last for weeks, months or years without being detected by anti-virus software, secure web gateways, next-generation firewalls, and other traditional on-premises products.

Fortunately, Seculert’s customers are protected by an extra layer of security. Our award-winning Advanced Threat Protection platform identifies communication between malware and its command and control server, no matter how subtle. Once detected, this critical threat data is used by SOC and IR teams to thwart the attack, quarantine and remediate any infected machines, and fortify defenses to prevent a future attack. Plus, there’s no hardware or software to download, and the protection extends to all devices, including those being used by remote employees outside of the corporate network.

Do you know how to react once your network has been compromised? Here are 5 steps to help you handle a breach in your security.











The post APT Xtreme RAT Campaign Infesting Enterprises Again appeared first on Seculert Blog on Advanced Threats and Cyber Security.

