The new SugarGh0st Remote Access Trojan (RAT) has been observed targeting the Uzbekistan government and entities in South Korea. Cisco Talos, a leading cybersecurity research group, discovered the campaign, which likely began around August 2023. SugarGh0st is assessed to be a new, customized variant of the well-known Gh0st RAT, a trojan that has been active for over a decade; the variant adds specific commands to support remote operations and espionage activity.
SugarGh0st is the latest evolution of the Gh0st RAT family, which remains a significant threat in global cybersecurity. The RAT has been identified in attacks on the Ministry of Foreign Affairs in Uzbekistan and on various South Korean targets. Indicators in these attacks point to the involvement of a Chinese group referred to as "C.Rufus."
The deployment of SugarGh0st illustrates the convergence of criminal and espionage tradecraft, part of an ongoing trend in which sophisticated tooling is reused for espionage and data theft. The campaign underscores the growing complexity and adaptability of threats aimed at government entities and critical infrastructure in specific geopolitical regions.
Given the severity of these threats, organizations in the targeted regions, especially government and diplomatic entities, are advised to remain vigilant and strengthen their defenses. Regular patching, continuous monitoring, and threat detection that incorporates the indicators below are essential in protecting against evolving cyber espionage tools.
IoC
IPv4
- 42.121.111.112
- 199.231.186.249
- 185.122.204.197
- 173.214.167.155
SHA256
- f75cb3e540b96cd54a966c512c854c832807e354772ae1a326b758394b01b607
- f5a36570506bfaff60b684cd26dde3a64a3db4eaa9da78a1434cfd4b390ef3d5
- ed09f95f4b4b482207bb300ff6ec15ed8ca5fdde97af02fa9fbe01adaaf7673b
- dbf8ba47a5973c86fef32c2d696b09e1930a8384087c62ace1aa5c4084ee1a3f
- d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9
- bfce7938591dd9fa3e1368d7eb86fc7f11e935349437fc11de4f124bbbc16dee
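The indicators above are only useful if they are actually checked against telemetry. The following script is an added example, not code from Cisco Talos or from the original post: it loads the IPv4 and SHA256 IoCs listed above, sweeps a handful of constructed firewall/proxy log lines for connections to the listed addresses, and normalises and matches a constructed list of file hashes (as an EDR export might produce) against the SHA256 list. The log format and the sample hashes that do not match are assumptions made for the example; only the IoC values come from the post.

```python
import hashlib
import re
from typing import Iterable, List, Set, Tuple

# IoCs as listed in the post above (IPv4 addresses and SHA256 hashes).
IOC_IPV4: Set[str] = {
    "42.121.111.112",
    "199.231.186.249",
    "185.122.204.197",
    "173.214.167.155",
}
IOC_SHA256: Set[str] = {
    "f75cb3e540b96cd54a966c512c854c832807e354772ae1a326b758394b01b607",
    "f5a36570506bfaff60b684cd26dde3a64a3db4eaa9da78a1434cfd4b390ef3d5",
    "ed09f95f4b4b482207bb300ff6ec15ed8ca5fdde97af02fa9fbe01adaaf7673b",
    "dbf8ba47a5973c86fef32c2d696b09e1930a8384087c62ace1aa5c4084ee1a3f",
    "d8f55bbbcc20e81e46b9bf78f93b73f002c76a8fcdb4dc2ae21b8609445c14f9",
    "bfce7938591dd9fa3e1368d7eb86fc7f11e935349437fc11de4f124bbbc16dee",
}

# Word boundaries stop "42.121.111.1" from matching the IoC "42.121.111.112".
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def ips_in_line(line: str) -> Set[str]:
    """Return every dotted-quad that appears in a log line."""
    return set(IPV4_RE.findall(line))


def match_ip_iocs(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, matched_ip, line) for each line touching an IoC address."""
    hits: List[Tuple[int, str, str]] = []
    for number, line in enumerate(lines, start=1):
        for ip in sorted(ips_in_line(line) & IOC_IPV4):
            hits.append((number, ip, line))
    return hits


def match_hash_iocs(hashes: Iterable[str]) -> Set[str]:
    """Lower-case and strip each hash before comparing, so exports in mixed case still match."""
    normalised = {h.strip().lower() for h in hashes}
    return normalised & IOC_SHA256


def sha256_of_bytes(data: bytes) -> str:
    """Hash raw file content so on-disk samples can be checked with match_hash_iocs."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample log lines (assumed format); two of them reach listed addresses.
SAMPLE_LOG = [
    "2023-11-30T09:12:01Z proxy allow src=10.0.0.15 dst=93.184.216.34:443 host=example.com",
    "2023-11-30T09:12:07Z firewall allow src=10.0.0.15 dst=185.122.204.197:443 bytes=4096",
    "2023-11-30T09:12:09Z proxy allow src=10.0.0.22 dst=42.121.111.1:80 host=cdn.example.net",
    "2023-11-30T09:13:40Z firewall deny src=10.0.0.15 dst=173.214.167.155:8080 bytes=0",
]

# Constructed hash export: the first entry is a listed IoC in upper case, the second is not an IoC.
SAMPLE_HASHES = [
    "  F75CB3E540B96CD54A966C512C854C832807E354772AE1A326B758394B01B607\n",
    sha256_of_bytes(b"constructed benign sample"),
]


def main() -> None:
    for number, ip, line in match_ip_iocs(SAMPLE_LOG):
        print(f"network IoC hit (line {number}, {ip}): {line}")
    for digest in sorted(match_hash_iocs(SAMPLE_HASHES)):
        print(f"file IoC hit: {digest}")


if __name__ == "__main__":
    main()
```

Feeding real logs is a matter of replacing `SAMPLE_LOG` with an iterator over a file; because `match_ip_iocs` never loads more than one line at a time, it scales to large proxy or firewall exports, and the near-miss line in the sample (`42.121.111.1`) shows why the regex uses word boundaries rather than a plain substring search.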
REFERENCES
- https://blog.talosintelligence.com/new-sugargh0st-rat/#:~:text=New%20SugarGh0st%20RAT%20targets%20Uzbekistan,%E2%80%9D
- https://allinfosecnews.com/item/new-sugargh0st-rat-targets-uzbekistan-government-and-south-korea-2023-11-30--1/#:~:text=We%20assess%20with%20high%20confidence,to%20facilitate%20the%20remote%20%E2%80%A6
- https://www.darkreading.com/threat-intelligence/new-spookier-gh0st-rat-uzbekistan-south-korea
- https://www.darkreading.com/threat-intelligence/why-we-need-to-reinvent-how-we-catalogue-malware
- https://otx.alienvault.com/pulse/6568b12aaabf4058f1f19eb5
TAGS
botnets, apache, CVE-2023-46604, gotitan, sliver, kinsing