silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,210
A fairly undetected remote access trojan called Ratsnif and used in cyber-espionage campaigns from the OceanLotus group has gained new capabilities that allow it to modify web pages and SSL hijacking.
OceanLotus is a threat actor group believed to act in the interest of the Vietnamese state for espionage operations.
Also known as APT32, CobaltKitty, SeaLotus, and APT-C-00 in the infosec community, the hackers typically combine unique malware with commercially-available tools, like Cobalt Strike.
Researchers at Blackberry Cylance analyzed four variants of the Ratsnif RAT family that show it evolve from a debug build to a release version with features like packet sniffing, ARP poisoning, DNS and MAC spoofing, HTTP redirection and injection, SSL hijacking, and setting up remote shell access.
Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus
The OceanLotus Group (aka APT32, CobaltKitty) is using a suite of remote access trojans dubbed 'Ratsnif' to leverage new network attack capabilities. In this blog, BlackBerry Cylance threat researchers have analyzed the Ratsnif trojans, which offer a veritable Swiss-army knife of network attack...
threatvector.cylance.com