
Threat Pulse – March 2024

Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats. 

If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.

DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the largest Open Threat Exchange database available. 

DinodasRAT Linux implant targeting entities worldwide 

DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to conduct surveillance and harvest sensitive data from a target’s computer.  

A Windows version of this RAT was used in attacks against government entities in Guyana and documented by ESET researchers as Operation Jacana.  

In early October 2023, after the ESET publication, we discovered a new Linux version of DinodasRAT. Sample artifacts suggest that this version (V10 according to the attackers’ versioning system) may have started operating in 2022, although the first known Linux variant (V7), which has still not been publicly described, dates back to 2021. 

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware 

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. 

Password Spraying Activity Targeting Various VPN Appliances and Firewalls 

Password spraying activity targeting VPN appliances, firewalls, and other web-based applications has been detected by Arctic Wolf Labs, a cybersecurity research and development company.
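Password sprays are built to slip past per-account lockout thresholds: each username sees only one or two failures, so the signal lives in the per-source pivot (many distinct usernames failing from one address in a short window), and a success from the same source after the spray is the finding to escalate first. The detector below is an added example written for this page, not DigitalXRAID's or Arctic Wolf's code; the log format, hostnames, usernames and addresses are constructed for illustration, so the regular expression needs adapting to the appliance's real authentication log.

```python
"""Password-spray detection over VPN/firewall authentication logs.

Added example, not DigitalXRAID's or Arctic Wolf's code. The log layout
below is an assumed, constructed syslog-like format; adjust LINE_RE to
match the appliance you are actually monitoring.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 fails once against many accounts (spray)
# and then succeeds on one; 198.51.100.4 is a single user mistyping.
SAMPLE_LOGS = """\
2024-03-04T09:00:01Z vpn01 auth: user=alice src=203.0.113.7 result=FAIL
2024-03-04T09:00:04Z vpn01 auth: user=bob src=203.0.113.7 result=FAIL
2024-03-04T09:00:09Z vpn01 auth: user=carol src=203.0.113.7 result=FAIL
2024-03-04T09:00:15Z vpn01 auth: user=dave src=203.0.113.7 result=FAIL
2024-03-04T09:00:21Z vpn01 auth: user=erin src=203.0.113.7 result=FAIL
2024-03-04T09:00:30Z vpn01 auth: user=frank src=203.0.113.7 result=SUCCESS
2024-03-04T09:01:00Z vpn01 auth: user=grace src=198.51.100.4 result=FAIL
2024-03-04T09:01:20Z vpn01 auth: user=grace src=198.51.100.4 result=FAIL
2024-03-04T09:01:40Z vpn01 auth: user=grace src=198.51.100.4 result=SUCCESS
2024-03-04T11:30:00Z vpn01 auth: user=heidi src=203.0.113.7 result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one constructed-format log line into a dict, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]}


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5):
    """Flag each source address that fails against at least `min_users`
    distinct usernames inside any `window`-long sliding interval.

    Per-account lockout counters never trip on a spray (one failure per
    account), so the pivot is distinct users per source. Any later success
    from a flagged source is recorded as the high-priority follow-up.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])

    fails_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e)

    findings = []
    for src, fails in fails_by_src.items():
        start, best = 0, None
        for end in range(len(fails)):
            # shrink the window from the left until it spans <= `window`
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            users = {f["user"] for f in fails[start:end + 1]}
            if len(users) >= min_users and (best is None or len(users) > len(best["users"])):
                best = {"src": src, "users": users,
                        "first": fails[start]["ts"], "last": fails[end]["ts"]}
        if best:
            later_ok = [e for e in events
                        if e["src"] == src and e["result"] == "SUCCESS"
                        and e["ts"] >= best["first"]]
            best["followed_by_success"] = sorted(e["user"] for e in later_ok)
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_spray(SAMPLE_LOGS):
        print(f"{f['src']}: {len(f['users'])} users failed between "
              f"{f['first']:%H:%M:%S} and {f['last']:%H:%M:%S}; "
              f"later successes: {f['followed_by_success']}")
```

The thresholds (`window`, `min_users`) are tuning knobs: a real spray against a large directory is often far slower than ten minutes, so running the same logic over an hourly or daily window with a higher `min_users` catches the low-and-slow variant, while the short window catches the noisy one. The `followed_by_success` field is what turns a hygiene alert into an incident, since it names the account whose password the spray actually found.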

Xeno RAT Abuses Windows DLL Search to Avoid Detection 

A new sophisticated malware written in C#, named Xeno RAT, has been discovered. It is capable of evading detection and of generating payloads, and, widening the threat, it is also available as open source on GitHub.

Moreover, the malware uses process injection, obfuscation, anti-debugging, C2 communication, and several other techniques that make it even more complicated to detect it. The primary threat vector of this malware is the use of a Shortcut file and multi-stage payload downloader. 

RustDoor and GateDoor Malware 

New macOS and Windows malware have been discovered, named RustDoor and GateDoor. Both are disguised as legitimate software updates. The malware communicates with C2 servers and can steal information, download files, and execute commands. The malware infrastructure appears related to the ShadowSyndicate cybercrime group.

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics 

A new malicious campaign dubbed DEEP#GOSU has been attributed to the North Korean state-sponsored group tracked as Kimsuky.  

The attack chain leverages .LNK files, embedded PowerShell code and VBScript stagers that lead up to the download of payloads hosted on Dropbox.  

All the C2 communication is handled through legitimate services such as Dropbox or Google Docs, which allows the malware to blend in and go undetected because it looks like regular network traffic. The final payload in the campaigns is an info-stealing malware with backdoor capabilities that allows for clipboard monitoring, keylogging and data exfiltration.

DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service means we can take care of your security, whilst you take care of business.    

Talk to the team to see how you can start protecting your business against cyberattacks today. 

Cyber Security Experts

Accredited and regulated, we're in the top 1% of cyber security agencies globally

Accreditations: Crown Commercial Service Supplier, Cyber Essentials Plus, ISO 27001 (BSI), ISO 9001, CHECK, NCSC Cyber Incident Response, CREST

We’re trusted by the UK Government as Crown Commercial Service providers as well as being accredited by two of the leading cyber security governing bodies. Our ISO9001 certification means you can rest assured our processes and approach are market leading.

Protect Your Business & Your Reputation.

With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.

Speak To An Expert
