RAT Malware | Breaking Cybersecurity News | The Hacker News

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems. Attributing the intrusions to a threat actor named  PKPLUG  (aka  Mustang Panda  and HoneyMyte), Palo Alto Networks' Unit 42 threat intelligence team said it identified a new version of the modular PlugX malware, called THOR, that was delivered as a post-exploitation tool to one of the breached servers. Dating back to as early as 2008,  PlugX  is a fully-featured second-stage implant with capabilities such as file upload, download, and modification, keystroke logging, webcam control, and access to a remote command shell. "The variant observed [...] is unique in that it contains a change to its core source code: the replacement of its trademark word 'PLUG' to 'THOR,'" Unit 42 researchers Mike Harbison an

Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT) group it tracks as Ferocious Kitten, a group that has singled out Persian-speaking individuals allegedly based in the country while successfully operating under the radar. "The targeting of Psiphon and Telegram, both of which are quite popular services in Iran, underlines the fact that the payloads were developed with the purpose of targeting Iranian users in mind," Kaspersky's Global Research and Analysis Team (GReAT)  said . "Moreover, the decoy content displayed by the malicious files often made use of political themes and involved images or videos of resistance bas

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan (RAT) to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware Scan Interface ( AMSI ) in an attempt to defeat endpoint protection software, it also employs a multi-stage installation process and makes use of Tor and Telegram messaging API to communicate with a command-and-control (C2) server. Cybersecurity firm Sophos , which observed two versions of Agent Tesla — version 2 and version 3 — currently in the wild, said the changes are yet another sign of Agent Tesla's constant evolution designed to make a sandbox and static analysis more difficult. "The differences we see between v2 and v3 of Agent Tesla appear to be focused on improving the success rate of the malware against sandbox defenses and malware scanners, and on providing more