The criminal collectives are becoming active against computer networks worldwide. Experts have detected a new wave of attacks that are being orchestrated by the Rancor hackers against various computers located in Asia leveraging the PLAINTEE and DDKONG malware families. This group has been previously known for creating custom Trojans in targeted attacks against organizations.
Discovery of the Rancor Hackers and Their PLAINTTEE and DDKONG Malware
Targeted hacker attacks have become one of the most dangerous tactics in the last two years. They can have even more damaging consequences as they most often rely on security vulnerabilities and computer infections using custom code or sophisticated Trojan strains. This is the reason why they can be much more devastating than ordinary virus infections, including those with ransomware.
The criminal collective was discovered following an analysis of a threat known as the KHRAK Trojan. It was used in a sophisticated attack in August 2017 against computer users in Cambodia. The main distribution method was the use of infected Microsoft Word documents that used social engineering tactics to infect as many users as possible. Once the built-in macros (scripts) are activated the built-in engine will launch a download command that retrieves the rest of the virus. The security analysis shows that the network requests use a false DropBox domain address which is a trick used to prevent system administrators and automated defense countermeasures from detecting the suspicious operations.
Following its installation it will set up a Trojan instance which connects to a hacker-controlled server. This allows the RANCOR hackers to spy on the victims, deploy additional threats and also take over control of the machines at any given time.
The KHRAK Trojan is an important piece of the puzzle as it was found that a similar strategy is currently being operated against targets in (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/rancor-hackers-plainttee-ddkong-malware/