
Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

| Category | Details |
|---|---|
| Threat Actors | Bitter (also known as APT-C-08, APT-Q-37, Hazy Tiger, Orange Yali, TA397) |
| Campaign Overview | Targeted a Turkish defense sector organization in November 2024 using WmRAT and MiyaRAT malware |
| Target Regions/Victims | Turkish defense sector; previously targeted China, Pakistan, India, Saudi Arabia, and Bangladesh |
| Methodology | Spear-phishing emails carrying RAR archives that contain LNK files; NTFS Alternate Data Streams (ADS) used to deliver the payload |
| Product Targeted | Defense sector organizations, lured with decoy documents about infrastructure projects |
| Malware Reference | WmRAT, MiyaRAT, BitterRAT, ArtraDownloader, ZxxZ |
| Tools Used | LNK files, PowerShell scripts, scheduled tasks, ADS, cmd.exe |
| Vulnerabilities Exploited | No software vulnerability; abuse of the legitimate NTFS Alternate Data Streams feature to hide malicious payloads |
| TTPs | Decoy documents; obfuscated PowerShell scripts; scheduled tasks for persistence; staging domains for payload delivery |
| Attribution | Likely a South Asian state-sponsored group supporting intelligence collection |
| Recommendations | Monitor and block access to suspicious domains such as jacknwoods[.]com; disable execution of LNK files from untrusted sources; deploy EDR able to detect ADS use and unusual PowerShell activity; train users to recognize spear-phishing attempts |
| Source | The Hacker News |
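A defender-side hunting script for the two techniques the table lists, NTFS alternate data streams and scheduled tasks that launch cmd.exe or PowerShell from an ADS path. This is an added example, not code from the article or the underlying report; the scanned directories, the benign-stream list and the "file:stream" argument pattern are assumptions.

```powershell
# Added hunting helper (not from the article). Assumes a Windows host with
# PowerShell 5.1+ and read access to the scanned paths. It reports NTFS
# alternate data streams other than the benign Zone.Identifier mark, and
# scheduled tasks whose action runs cmd.exe/PowerShell with an ADS-style
# "C:\path\file.ext:stream" argument.
param(
    # Directories to scan; user profile and Public are assumed staging areas.
    [string[]]$Paths = @($env:USERPROFILE, $env:PUBLIC)
)

# Streams expected on ordinary files; everything else is reported.
$BenignStreams = @(':$DATA', 'Zone.Identifier')

function Find-SuspiciousAds {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $file = $_
                # -Stream * enumerates every named stream attached to the file.
                Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                    Where-Object { $BenignStreams -notcontains $_.Stream } |
                    ForEach-Object {
                        [pscustomobject]@{
                            File   = $file.FullName
                            Stream = $_.Stream
                            Bytes  = $_.Length
                        }
                    }
            }
    }
}

function Find-AdsScheduledTasks {
    # Assumed shape of an ADS launch argument: drive path, colon, stream name.
    $adsArg = '[A-Za-z]:\\[^\s":]+:[^\s":$]+'
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            $cmd = "$($a.Execute) $($a.Arguments)"
            if ($cmd -match '(?i)(cmd|powershell|pwsh)(\.exe)?' -and $cmd -match $adsArg) {
                [pscustomobject]@{ TaskPath = $task.TaskPath; TaskName = $task.TaskName; Command = $cmd }
            }
        }
    }
}

Find-SuspiciousAds -Roots $Paths | Format-Table -AutoSize
Find-AdsScheduledTasks | Format-Table -AutoSize
```

Review each hit by hand: legitimate software also writes named streams, so treat the output as a triage list rather than a verdict.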

Read full article: https://thehackernews.com/2024/12/bitter-apt-targets-turkish-defense.html

The above summary has been generated by an AI language model

Source: The Hacker News

Published on: December 17, 2024
