Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
Dec 02, 2023
Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. "This malware family is written using the .NET framework and leverages the domain name service (DNS) protocol to create a covert channel and provide different backdoor functionalities," Palo Alto Networks Unit 42 researcher Chema Garcia said in a Friday analysis. Targets of the attacks span various sectors such as education, real estate, retail, non-profits, telecom, and governments. The activity has not been attributed to a known threat actor, although it's assessed to be nation-state aligned owing to the victimology pattern and the detection and defense evasion techniques used. The cybersecurity firm is tracking the cluster under the moniker CL-STA-0002. It's currently not clear how these organizations were breached, and when the attacks took place. Some of the other tools deployed by the adversary include a