Security researchers have uncovered a new highly-targeted cyber espionage campaign, which is believed to be associated with a hacking group behind KHRAT backdoor Trojan and has been targeting organizations in South East Asia.
According to researchers from
Palo Alto, the hacking group, which they dubbed RANCOR, has been found using two new malware families—PLAINTEE and DDKONG—to target political entities primarily in Singapore and Cambodia.
However, in previous years, threat actors behind KHRAT Trojan were allegedly linked to a Chinese cyber espionage group, known as DragonOK.
While monitoring the C&C infrastructure associated with KHRAT trojan, researchers identified multiple variants of these two malware families, where PLAINTEE appears to be the latest weapon in the group's arsenal that uses a custom UDP protocol to communicate with its remote command-and-control server.
To deliver both PLAINTEE and DDKONG, attackers use spear phishing messages with different infection vectors, including malicious macros inside Microsoft Office Excel file, HTA Loader, and DLL Loader, which includes decoy files.
[...]
New Malware Family Uses Custom UDP Protocol for C&C Communications
