A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT.
Israeli cybersecurity company Perception Point is tracking the activity under the moniker
Operation PhantomBlu.
"The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT's typical delivery mechanism by leveraging OLE (Object Linking and Embedding) template manipulation, exploiting Microsoft Office document templates to execute malicious code while evading detection," security researcher Ariel Davidpur
said.
NetSupport RAT is a
malicious offshoot of a legitimate remote desktop tool known as NetSupport Manager, allowing threat actors to conduct a spectrum of data gathering actions on a compromised endpoint.
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
New Spear-Phishing Attack Abusing Google Ads to Deliver EndRAT Malware
NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors