07-23-2020 , 08:54 AM
https://threatpost.com/oilrig-apt-unique...or/157646/ OilRig APT Drills into Malware Innovation with Unique Backdoor
Author: Tara Seals
July 22, 2020 5:14 pm
3 minute read
The RDAT tool uses email as a C2 channel, with attachments that hide data and commands inside images.
A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT.
The attacks were observed in April by Palo Alto Networks’ Unit 42. Researchers there said that the version of RDAT in question was uncovered during the course of its investigation, standing out by using a unique command-and-control (C2) channel. To wit, it uses steganography to hide commands and data within bitmap images attached to emails.
The backdoor first debuted as a proprietary OilRig weapon in 2017 and has gone through several updates since then, the firm noted, adding that timestamps indicate that OilRig added the steganography trick to RDAT’s profile as far back as 2018.
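The article only states that RDAT hides commands and data inside bitmap images attached to emails, so the following is an added defender-side example, not code from Threatpost or Unit 42 and not a description of RDAT's actual encoding: a Python check that parses a 24-bit BMP attachment and flags an LSB plane that deflate cannot shrink, which is what an encrypted or compressed payload inserted by plain LSB substitution looks like. The BMP builder, the LSB embedding used only to construct the sample image, the pseudo-random payload and the 0.9 ratio threshold are all assumptions made for the demonstration.

```python
import hashlib
import struct
import zlib

def make_bmp(width, height, pixels):
    """Wrap raw bottom-up BGR rows (4-byte aligned) in a minimal 24-bit uncompressed BMP."""
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels

def bmp_pixels(blob):
    """Return the pixel array of a 24-bit uncompressed BMP, or None for anything else."""
    if len(blob) < 54 or blob[:2] != b"BM":
        return None
    pixel_offset = struct.unpack_from("<I", blob, 10)[0]
    bpp, compression = struct.unpack_from("<HI", blob, 28)
    if bpp != 24 or compression != 0 or pixel_offset > len(blob):
        return None
    return blob[pixel_offset:]

def lsb_plane_ratio(blob):
    """Pack the LSB of every pixel byte and return deflated size / raw size (None if not a BMP)."""
    pixels = bmp_pixels(blob)
    if pixels is None or len(pixels) < 64:
        return None
    plane = bytearray()
    for i in range(0, len(pixels) - 7, 8):
        plane.append(sum((pixels[i + j] & 1) << (7 - j) for j in range(8)))
    return len(zlib.compress(bytes(plane), 9)) / len(plane)

def looks_stego(blob, threshold=0.9):
    """Heuristic: an LSB plane that deflate cannot shrink is likely carrying encrypted or compressed data."""
    ratio = lsb_plane_ratio(blob)
    return ratio is not None and ratio > threshold

def embed_lsb(pixels, payload):
    """Write payload bits, MSB first, into the LSB of consecutive pixel bytes (constructed sample only)."""
    out = bytearray(pixels)
    bits = [(byte >> k) & 1 for byte in payload for k in range(7, -1, -1)]
    for i, bit in enumerate(bits[: len(out)]):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def sample_images():
    """Constructed 64x64 gradient (clean) and the same image with a pseudo-random payload in its LSBs."""
    clean_px = bytes(v & 0xFF for y in range(64) for x in range(64) for v in (x * 4, y * 4, (x * y) // 8))
    payload, block = b"", b"constructed seed"
    while len(payload) < 64 * 64 * 3 // 8:  # 1536 bytes: enough to fill the whole LSB plane
        block = hashlib.sha256(block).digest()  # stand-in for an encrypted C2 blob
        payload += block
    return make_bmp(64, 64, clean_px), make_bmp(64, 64, embed_lsb(clean_px, payload))
```

Real photographs have noisier low bits than the synthetic gradient, so the threshold needs calibrating on the organisation's own attachment traffic before it is used for alerting.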