June 7, 2023

Dubbed “A41APT” by Kaspersky researchers, sophisticated campaign to targetting japan industrial sector, the findings delve into a new slew of attacks undertaken by APT10 using previously undocumented malware to deliver as many as three payloads such as SodaMaster, P8RAT, and FYAnti.

The reports emerged of Japan-linked companies being targeted by the threat actor in over 17 regions worldwide.The infection chain leverages a multi-stage attack process, with the initial intrusion happening via abuse of SSL-VPN by exploiting unpatched vulnerabilities or stolen credentials.

Center to the campaign is a malware called Ecipekac (“Cake piece” in reverse) that traverses a four-layer “complicated loading schema” by making use of four files to “load and decrypt four fileless loader modules one after the other to eventually load the final payload in memory.”

While the main purpose of P8RAT and SodaMaster is to download and execute payloads retrieved from an attacker-controlled server,

The third payload, FYAnti, is a multi-layer loader module in itself that goes through two more successive layers to deploy a final-stage remote access Trojan known as QuasarRAT (or xRAT). It stealthy and difficult to track the activities

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: