RATs in Russia: Horns&Hooves Malware Mischief Unleashes Chaos
The Horns&Hooves campaign targets over 1,000 Russian users and businesses, using NetSupport RAT and BurnsRAT. Disguised as customer inquiries, these phishing attacks aim to install stealer malware. With evolving tactics, the threat actor TA569 behind this operation is known for its sinister work with SocGholish malware.
Hot Take:
Ah, malware campaigns – the gift that keeps on giving, like a bad re-gifted fruitcake during the holidays. The newly discovered Horns&Hooves campaign seems to have taken a page from the book of “How to Make Friends and Influence Cybersecurity Experts” by targeting unsuspecting users in Russia with the stealth of a ninja and the persistence of a telemarketer. With a name like that, you’d think it was a new heavy metal band. Instead, it’s just another reminder that in the world of cybersecurity, the only thing you can count on is that you can’t count on anything staying the same. Grab your virtual popcorn, folks – this show is just getting started!
Key Points:
- Horns&Hooves campaign targets over 1,000 victims in Russia since March 2023.
- Utilizes NetSupport RAT and BurnsRAT to install stealer malware like Rhadamanthys and Meduza.
- Phishing tactics include lookalike email attachments with ZIP archives containing JScript scripts.
- Threat actor TA569 (Gold Prelude) suspected behind the campaign, known for SocGholish malware.
- Potential consequences include data theft, system damage, and follow-on ransomware attacks.