Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

APT-C-36 Drops Commodity RATs For Financial Gains

An ongoing spam campaign by APT-C-36 is targeting South American entities with commodity RATs for financial benefits. It is reportedly deploying multiple RATs such as njRAT, BitRAT, Async RAT, and Lime RAT. Apart from potential financial gains, the group’s motives are not yet clear.

What’s new?

In an ongoing phishing campaign, APT-C-36 is using fraudulent emails disguised to be from Colombia’s national directorate of taxes and customs.

  • The emails state that a seizure order has been issued for a bank account and further details are provided inside the email attachment. The information is protected with the password ‘dian’.
  • Other spam emails used in the campaign claim to have a photo as proof of the recipient’s partner’s affair. Just like other emails, recipients are urged to open the email attachment named attached picture[.]jpg, and ‘foto’ is the password provided by hackers.
  • The sender’s email address is spoofed and disguised as DIAN or a Hotmail address portrayed as a fake female profile.
  • Moreover, these emails use PDF/DOCX files including a link (generated from a URL shortener) as delivery documents. When clicked, recipients are taken to a file hosting site that automatically downloads an archive laden with BitRAT.

Who are on the target?

  • Most of the targets are based in Colombia, however, some were based in Ecuador, Spain, and Panama. Some of the spear-phishing emails were written in Spanish.
  • The group has targeted mainly the financial, government, and healthcare sectors. 
  • Some of the attacks were also observed in the energy, oil and gas, and telecommunications sectors.

Conclusion

APT-C-36, over time, appears to have become efficient in using different link shorteners and RATs within phishing emails. It has worked on improving its techniques of spreading malware while avoiding detection. Therefore, it is important to keep an eye on this threat group to avoid any unpleasant surprises.

Source: https://cyware.com/news/apt-c-36-drops-commodity-rats-for-financial-gains-27ecf47a

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Hackers have created a fake ‘Cthulhu World’ play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer,...

Crime News

In this undated photo released by the Mitchum Family in May 2020 shows Thelma Haddock, left, and her sister, Naomi Johnson. Authorities said they...

Business News

This photo provided by South Carolina Dept. of Corrections shows Richard Moore. Moore, scheduled for execution later this month has chosen to die by...

Business News

Authorities stage outside Columbiana Centre mall in Columbia, S.C., following a shooting, Saturday, April 16, 2022. (AP Photo/Sean Rayford) Three mass shootings in the...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO