RATicate drops info stealing malware and RATs on industrial targets

silversurfer

Security researchers from Sophos have identified a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies.

Sophos discovered that RATicate's attacks have been targeting industrial companies from Europe, the Middle East, and the Republic of Korea as part of five separate campaigns between November 2019 and January 2020, although the researchers suspect that they were behind other similar campaigns in the past. [....]
To infect the targets' systems, the attackers used two infection chains, both of them involving the delivery of payloads via phishing emails but with a slight difference in the way they are deployed.

The first infection chain uses ZIP, UDF, and IMG malicious attachments containing the malicious NSIS installers, while the second uses XLS and RTF documents booby-trapped to download the installers from a remote server onto the victims' devices. [....]
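The first chain above relies on NSIS installers hidden inside archive attachments. As an added mail-gateway triage example (not code from Sophos or the article), the script below opens a ZIP attachment and flags PE members that carry the NSIS first-header marker (the 32-bit value 0xDEADBEEF followed by the ASCII tag "NullsoftInst", a documented NSIS constant); the sample archive is constructed inline and contains a harmless fake stub, not real malware.

```python
import io
import struct
import zipfile

# NSIS installers keep a "first header" in the PE overlay that begins with
# 0xDEADBEEF (little-endian) followed by the ASCII tag "NullsoftInst".
NSIS_MAGIC = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"

# Skip members larger than this to avoid decompressing archive bombs during triage.
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def find_nsis_members(zip_bytes: bytes) -> list:
    """Return names of ZIP members that are PE files containing the NSIS marker."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            data = zf.read(info.filename)
            # Only PE images ("MZ" header) can be NSIS installers.
            if data[:2] == b"MZ" and NSIS_MAGIC in data:
                hits.append(info.filename)
    return hits


def build_sample_attachment(include_installer: bool) -> bytes:
    """Constructed sample ZIP: a benign text file plus, optionally, a fake NSIS stub."""
    # Hypothetical stub: a minimal "MZ" prefix, filler, then the NSIS marker.
    fake_stub = b"MZ" + b"\x00" * 62 + b"<stub>" + NSIS_MAGIC + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "This is a harmless text file.")
        if include_installer:
            zf.writestr("invoice_details.exe", fake_stub)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_nsis_members(build_sample_attachment(True)))   # ['invoice_details.exe']
    print(find_nsis_members(build_sample_attachment(False)))  # []
```

The check only says "this is an NSIS installer", which is also true of plenty of legitimate software, so treat a hit as a reason to sandbox the attachment rather than as proof of malice.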
 
Hopefully Nintendo / GameFreak do not sue Sophos for that alias...
Sorry for OT, could not resist 🙄

Thank you for the main share @silversurfer!
Sounds nasty!