Researchers have discovered that the Webworm hacking group has been using modified versions of Remote Access Tools (RATs) in their latest cyber espionage attacks.
The group, which is believed to be operating out of China, has been active since at least 2013 and has targeted several high-profile organisations in the past.
The Webworm group has been using many sophisticated techniques to avoid detection and make it difficult for researchers to track their activity.
In their latest campaign, the hackers have used two modified RATs, known as “Byrd” and “Warbird”, to target many companies and organisations in the aerospace and defence sector.
The Byrd RAT, a variant of the well-known PoisonIvy RAT, has been used in attacks against at least three organisations. The Warbird RAT, a variant of the DarkComet RAT, is believed to have been used in attacks against two organisations.
Among the techniques used to avoid detection, the group has been using a custom packer to encrypt the payloads of its RATs. It has also used several Domain Generation Algorithms (DGAs) to generate many potential Command and Control (C&C) domains.
The use of DGAs makes it difficult for researchers to track the group’s activity, as they are constantly changing the domains they are using.
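As an added, illustrative example (not code from the article or from the researchers' report), this is the defensive side of the DGA point above: a heuristic scorer run over a constructed DNS query log that flags clients cycling through several random-looking registered domains. The log format, the domain names and the trait thresholds are assumptions made for this example.

```python
import math
import re

# Constructed sample DNS query log: timestamp, client, record type, queried name.
# Lines and domains are made up for this example, not indicators from the article.
SAMPLE_DNS_LOG = """\
2023-05-01T10:00:01Z 10.0.0.5 A www.example.com
2023-05-01T10:00:02Z 10.0.0.5 A mail.example.com
2023-05-01T10:00:03Z 10.0.0.7 A qpxzt8v3kdw1mfh9.net
2023-05-01T10:00:04Z 10.0.0.7 A 7hg2ksvlwq93mzbx.com
2023-05-01T10:00:05Z 10.0.0.7 A updates.vendor-cdn.net
2023-05-01T10:00:06Z 10.0.0.7 A xk4pq9vm2zr7wbtd.org
"""
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+\S+\s+(\S+)$")

def shannon_entropy(label: str) -> float:
    """Bits per character; random-looking labels approach log2(len(label))."""
    n = len(label)
    return -sum(label.count(c) / n * math.log2(label.count(c) / n) for c in set(label))

def registered_label(fqdn: str) -> str:
    """Second-level label ('example' for 'mail.example.com').
    Assumption: no public-suffix list, so 'foo.co.uk' would yield 'co'."""
    parts = fqdn.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def dga_score(label: str) -> int:
    """Number of DGA-like traits present (0-4); thresholds are illustrative, not tuned."""
    n = len(label)
    digit_ratio = sum(c.isdigit() for c in label) / n
    vowel_ratio = sum(c in "aeiou" for c in label) / n
    traits = (shannon_entropy(label) > 3.5, digit_ratio > 0.2, vowel_ratio < 0.2, n >= 12)
    return sum(traits)

def suspicious_queries(log_text: str, threshold: int = 3) -> list:
    """(client, fqdn, score) for every query whose registered label meets the threshold."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m and (score := dga_score(registered_label(m.group(3)))) >= threshold:
            hits.append((m.group(2), m.group(3), score))
    return hits

def dga_clients(log_text: str, min_domains: int = 2) -> dict:
    """Clients cycling through several distinct DGA-like names: the rotating-C&C
    pattern the article describes, rather than a single odd hostname."""
    by_client = {}
    for client, fqdn, _ in suspicious_queries(log_text):
        by_client.setdefault(client, set()).add(fqdn)
    return {c: sorted(d) for c, d in by_client.items() if len(d) >= min_domains}
```

Calling `dga_clients(SAMPLE_DNS_LOG)` on the constructed log returns only the client that queried three random-looking domains; ordinary hostnames score zero.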
“The Webworm group is a very sophisticated and persistent actor that has been active for many years. They are using many techniques to avoid detection and make it difficult for researchers to track their activity,” said researchers from FireEye in a blog post.
“In their latest campaign, they have used two modified RATs, known as ‘Byrd’ and ‘Warbird’, to target many companies and organisations in the aerospace and defence sector. We believe they will continue using these RATs in future attacks.”
The researchers also warned that the Webworm group is likely to continue targeting high-profile organisations in the future.
“We expect them to continue their targeted attacks against aerospace and defence companies, using the same techniques they have used in the past,” they said.
“We also believe that they will continue to evolve their tools and techniques to avoid detection and make it difficult for researchers to track their activity.”
The Webworm group is a sophisticated cyber espionage operation that has been active for several years. Their use of modified RATs in their latest campaign highlights the ongoing trend of attackers using off-the-shelf tools in their attacks.
Organisations in the aerospace and defence sector should be aware of the threat posed by the Webworm group and take steps to protect themselves. This includes updating their systems with the latest security patches and using advanced security solutions to detect and block sophisticated attacks.