ISBuzz Staff | informationsecuritybuzz.com »
Cisco Talos discovers a campaign spreading Nanocore, Netwire and AsyncRAT that uses public cloud infrastructure.
- Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting users’ information.
- … the victims of this campaign are primarily distributed across the United States, Italy and Singapore.
- The actor used complex obfuscation techniques in the downloader script. Each stage of the deobfuscation process results in the decryption methods for the subsequent stages to finally arrive at the actual malicious downloader method.
- … the latest example of threat actors abusing cloud services like Microsoft Azure and Amazon Web Services and actively misusing them to achieve their malicious objectives.
- The actor is using the DuckDNS dynamic DNS service to change domain names of the C2 hosts.
- Cloud adoption continues to rise, with the rising popularity of Cloud Storage apps attracting abuse by both attackers (for malware delivery) and insider threats (for data exfiltration).
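
A defender-side check for the DuckDNS point above, as an added example that is not from the Talos report or this page: it scans resolver logs for lookups of DuckDNS subdomains and notes clients whose queried names or returned addresses change. The log format, host names and addresses are constructed assumptions.

```python
from collections import defaultdict

DDNS_SUFFIXES = ("duckdns.org",)  # provider named on this page; extend as needed
# Constructed sample log (assumed format: time client qname qtype answer)
SAMPLE_LOG = """\
2021-10-26T09:14:02Z 10.0.4.17 updates.example.com. A 203.0.113.10
2021-10-26T09:14:40Z 10.0.4.23 Placeholder-A.DuckDNS.org. A 198.51.100.7
2021-10-26T09:20:11Z 10.0.4.23 placeholder-a.duckdns.org. A 198.51.100.99
2021-10-26T09:31:05Z 10.0.4.23 placeholder-b.duckdns.org. A 198.51.100.99
2021-10-26T09:33:47Z 10.0.4.31 notduckdns.org. A 192.0.2.44
2021-10-26T09:35:12Z 10.0.4.31 duckdns.org.example.net. A 192.0.2.45
malformed line
"""

def ddns_suffix(qname, suffixes=DDNS_SUFFIXES):
    """Return the matching provider suffix, or None. Matches only on a label boundary."""
    name = qname.rstrip(".").lower()  # normalise case and the trailing root dot
    for s in suffixes:
        if name.endswith("." + s):
            return s
    return None

def summarize(log_text):
    """Map client IP -> {queried DDNS name -> set of answers seen}."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records rather than failing
        _ts, client, qname, _qtype, answer = fields
        if ddns_suffix(qname):
            hits[client][qname.rstrip(".").lower()].add(answer)
    return hits

def triage(hits):
    """Return (client, names, reasons) tuples, sorted by client."""
    findings = []
    for client, names in sorted(hits.items()):
        reasons = ["ddns-lookup"]
        if len(names) > 1:
            reasons.append("multiple-ddns-names")
        if any(len(answers) > 1 for answers in names.values()):
            reasons.append("answer-changed")
        findings.append((client, sorted(names), reasons))
    return findings

if __name__ == "__main__":
    for client, names, reasons in triage(summarize(SAMPLE_LOG)):
        print(client, ",".join(names), ",".join(reasons))
```

Dynamic DNS also has legitimate uses, so a hit is a lead for triage against an allowlist rather than a verdict.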
External Link: New RAT Targeting AWS, Azure