OceanLotus APT Uses New Ratsnif Trojan for Network Attacks

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,168
Content source
https://www.bleepingcomputer.com/news/security/oceanlotus-apt-uses-new-ratsnif-trojan-for-network-attacks/
A fairly undetected remote access trojan called Ratsnif and used in cyber-espionage campaigns from the OceanLotus group has gained new capabilities that allow it to modify web pages and SSL hijacking.

OceanLotus is a threat actor group believed to act in the interest of the Vietnamese state for espionage operations.
Also known as APT32, CobaltKitty, SeaLotus, and APT-C-00 in the infosec community, the hackers typically combine unique malware with commercially-available tools, like Cobalt Strike.

Researchers at Blackberry Cylance analyzed four variants of the Ratsnif RAT family that show it evolve from a debug build to a release version with features like packet sniffing, ARP poisoning, DNS and MAC spoofing, HTTP redirection and injection, SSL hijacking, and setting up remote shell access.
Click to expand...
threatvector.cylance.com

Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus

The OceanLotus Group (aka APT32, CobaltKitty) is using a suite of remote access trojans dubbed 'Ratsnif' to leverage new network attack capabilities. In this blog, BlackBerry Cylance threat researchers have analyzed the Ratsnif trojans, which offer a veritable Swiss-army knife of network attack...
threatvector.cylance.com threatvector.cylance.com
 
  • Like
  • +Reputation
Reactions: Andy Ful, Gandalf_The_Grey, upnorth and 2 others
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
    • +Reputation
    • Wow
Winter Vivern APT group uses unknown set of espionage campaigns to strike government and private entities
Replies
0
Views
369
News Archive
[correlate]
[correlate]
silversurfer
    • Like
    • +Reputation
QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
Replies
2
Views
1,429
News Archive
Xeno1234
Xeno1234
silversurfer
    • +Reputation
    • Like
Malware News New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
Replies
0
Views
1,120
Security News
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top