CyberNews Briefs

RATicate Group Hits Industrial Firms With Revolving Payloads

According to researchers, a new threat group called RATicate is targeting industrial companies with revolving payloads and is behind several malspam attacks using malware such as LokiBot, Agent Tesla, Netwire, FormBook, and BetaBot. Researchers have attributed at least six separate campaigns to the group, with the first starting in November and the most recent in March.

The campaigns all leveraged the Nullsoft Scriptable Install System (NSIS) to create Windows installers and eventually drop remote access trojans on targeted systems. NSIS is a legitimate open-source tool intended to create Windows installers. The most recent campaign capitalizes on the current COVID-19 pandemic to convince victims to open payloads, representing a shift in tactics.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.