Researchers with Blackberry Cylance recently studied four variants of the Ratsnif remote access Trojan used by Vietnamese advanced persistent threat (APT) group OceanLotus (aka APT32, CobaltKitty, SeaLotus, and APT-C-00).
The research shows that OceanLotus is continuously adding new capabilities to Ratsnif. The relatively unknown Trojan, which is used by OceanLotus for cyber espionage purposes, is now capable of modifying web pages, SSL hijacking, packet sniffing, ARP poisoning, DNS and MAC spoofing and setting up remote shell access.
Read more: OceanLotus APT Uses New Ratsnif Trojan for Network Attacks