A cyberespionage campaign is targeting industrial organisations in the Asia-Pacific region with the sophisticated FatalRAT malware, Kaspersky ICS CERT reports. The malware is distributed through disguised email, WeChat and Telegram messages, and retrieves a list of second-stage loaders from Youdao Cloud Notes to evade detection. It exploits existing software to remain unnoticed, and its capabilities include system manipulation, data deletion and command execution. A Chinese-speaking threat actor is suspected.

Ragnar Loader toolkit evolves amid increased traction among threat operations
The Ragnar Loader malware toolkit, used by several threat operations, has been enhanced with more sophisticated capabilities. It now includes advanced encryption, encoding, and process