silversurfer
A fairly undetected remote access trojan called Ratsnif, used in cyber-espionage campaigns by the OceanLotus group, has gained new capabilities that allow it to modify web pages and hijack SSL.
OceanLotus is a threat actor group believed to act in the interest of the Vietnamese state for espionage operations.
Also known as APT32, CobaltKitty, SeaLotus, and APT-C-00 in the infosec community, the hackers typically combine unique malware with commercially-available tools, like Cobalt Strike.
Researchers at BlackBerry Cylance analyzed four variants of the Ratsnif RAT family that show it evolving from a debug build to a release version with features like packet sniffing, ARP poisoning, DNS and MAC spoofing, HTTP redirection and injection, SSL hijacking, and setting up remote shell access.

Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus
The OceanLotus Group (aka APT32, CobaltKitty) is using a suite of remote access trojans dubbed 'Ratsnif' to leverage new network attack capabilities. In this blog, BlackBerry Cylance threat researchers have analyzed the Ratsnif trojans, which offer a veritable Swiss-army knife of network attack...