Cyber Espionage Chronicles: Operation Jacana Unleashes DinodasRAT on Guyana’s Government

Well, well, well! The cyber espionage pot is brewing again and this time, it’s Guyana in the crosshairs. The recipe? Just a pinch of spear-phishing, a sprinkle of unknown malware (a delightful dish called DinodasRAT), and a generous helping of China-nexus adversary. Served piping hot, straight from the Operation Jacana kitchen!

Key Points:

  • A government entity in Guyana was targeted in a cyber espionage campaign named Operation Jacana in February 2023.
  • The campaign involved a spear-phishing attack that deployed a previously undocumented implant, DinodasRAT.
  • ESET, a Slovak cybersecurity firm, linked the attack to a China-nexus adversary with medium confidence.
  • The attackers used a booby-trapped email to initiate the attack and a Vietnamese governmental website to host the payload.
  • The DinodasRAT malware was used to collect sensitive information from compromised systems and was capable of manipulating system metadata, files, and Windows registry keys.

Need to know more?

Spear-phishing, Meet DinodasRAT

In this latest episode of Cyber Espionage, a government entity in Guyana played the unwitting victim. The baddies spear-phished their way in, then deployed a new pet malware dubbed DinodasRAT. This nasty little critter is a data-gobbling monster, munching on all the sensitive information it can get its digital claws on.

Unmasking the Culprits

The guys at ESET, with their cyber detective hats on, traced the breadcrumbs back to a group with a whiff of China about them. They're not 100% sure, but they're giving it a solid, medium-confidence "maybe."

The Art of Deception

In true villain style, the attackers crafted a cunningly disguised email about a Guyanese fugitive on the loose in Vietnam. Who wouldn't click on that, right? But here's the twist: click on the link, and instead of a thrilling tale of international intrigue, you get a ZIP file stuffed with DinodasRAT, ready to feast on your computer's secrets.

DinodasRAT's Dirty Work

Once DinodasRAT gets to work, it's a one-stop shop for cyber chaos. It encrypts the information it sends to its command-and-control server, pilfers system metadata, manipulates files and Windows registry keys, and even executes commands. All while you're still wondering about that Guyanese fugitive.

Recurring Tools and Tactics

Our cyber villains didn't stick to just one trick. They also used some old favorites like Korplug (a.k.a. PlugX), proving that sometimes the classics can be just as effective as the latest fads. Oh, and they've also been playing with the SoftEther VPN client, previously used by another China-affiliated group. I guess when you find a good tool, you stick with it!

Tags: China-nexus adversary, DinodasRAT, ESET, Operation Jacana, PlugX, SoftEther VPN, Spear-phishing