BleepingComputer reports that the suspected South Asian cyberespionage group Bitter has launched attacks against Turkish defense organizations using the WmRAT payload and the new MiyaRAT malware. According to an analysis by Proofpoint, Bitter used phishing emails with foreign investment project lures to deliver a RAR archive containing a shortcut file; opening it triggered PowerShell code stored in alternate data streams and created a scheduled task that ran malicious curl commands, one of which retrieved WmRAT. If command-and-control communication with WmRAT failed, the more sophisticated MiyaRAT payload was downloaded instead; Proofpoint researchers say MiyaRAT improves on WmRAT with stronger encryption of data and communications and with directory and file control, and they believe the campaign is aimed at high-profile targets. These findings come more than a year after Intezer observed Bitter targeting the Chinese nuclear energy industry in attacks that spoofed the Beijing branch of the Embassy of Kyrgyzstan.