Chinese hackers target Russian govt with upgraded RAT malware
Published on: 2025-04-21 06:43:58
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware.
Security researchers at Kaspersky's Global Research and Analysis Team (GReAT) spotted the updated implant while investigating recent attacks in which the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word document. The script downloaded second-stage payloads and gained persistence on compromised systems.
One of the malicious payloads is an unknown intermediary backdoor that helps transfer files between the command and control servers and hacked devices, run command shells, create new processes, delete files, and more.
"In our telemetry, these files turned out to leave footprints of the MysterySnail RAT malware, an implant we described back in 2021. In observed infection cases, MysterySnail RAT was configured to persist on compromised machines as a service," Kaspersky said.
"Notably, a short time af