Os analistas de amora-preta Cylance descrito APT32 (aka OceanLotus, CobaltKitty, SeaLotus, APT-C-00) armas de grupo.
Eut is worth reminding this group attacks mainly foreign companies that invest in the development of production in Vietnam. As principais indústrias são varejo, consultoria e setor de hospitalidade De acordo com especialistas de segurança da informação, APT32 age no interesse do governo vietnamita, and attacks can be carried out to gather information for law enforcement agencies.A experts’ report describes in detail a tool that was previously unknown to researchers – RAT Ratsnif (the researchers studied its four versions). The earliest version of the malware dates 2016. Pelo visto, at that time malware was still at the debugging stage. The newest version was created in August 2018.
“The trojans, under active development since 2016, combine capabilities like packet sniffing, gateway/device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing”, — say researchers from Blackberry Cylance.
Os especialistas observam que, unlike earlier versions, the most recent version of Ratsnif no longer has the hard-coded addresses of the control servers in the code and delegates all the communications to malware, which is also installed in the victim’s system. além do que, além do mais, this is the first version in which there is a configuration file, as well as a number of new functions that increase the effectiveness of the malware: HTTP injecting, protocol parsing, and interference with SSL.
Ao mesmo tempo, Blackberry Cylance analysts note that Ratsnif can hardly be called a work of cyber-spy art. The fact is that a large part of the malware code was borrowed from open sources, and the overall quality of the development is evaluated by experts as low: during the analysis, a bug was detected in the malware code related to the violation of memory reading.
“Ratsnif is an intriguing discovery, considering the length of time it remained undetected, likely due to limited deployment. It offers a rare glimpse on two years of feature development, allowing us to observe how threat actors tailor tooling to their nefarious purposes”, — report specialists from Blackberry Cylance.
Ao mesmo tempo, de acordo com pesquisadores, Ratsnif does not meet rather high standards of usual OceanLotus malware.
