A threat actor that has been spotted targeting Azerbaijan has shown an interest in the energy sector, specifically SCADA systems related to wind turbines, Cisco’s Talos threat intelligence and research group reports.
The attacks are aimed at both government organizations and private sector companies, and they involve a remote access trojan (RAT) that has not been seen before. Talos has not been able to link the attacks to a known threat actor.
According to Talos, the hackers appear to be interested in the energy sector and industrial control systems (ICS).
“We believe information pertaining to SCADA systems, with specific interest to wind turbines, was obtained based on the targeting observed,” Warren Mercer, technical lead at Talos, told SecurityWeek.
As for the new Python-based RAT used in these attacks, Talos has dubbed the malware PoetRAT. Once it has been delivered to a device, its operators can instruct it to list files, obtain information about the system, download and upload files, take screenshots, copy and move files, make changes in the registry, hide and unhide files, view and kill processes, and execute operating system commands.
Learn more about threats to industrial systems at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series
The malware is typically delivered using specially crafted Word documents that act as a dropper. In one campaign observed in February, the fake document was blurred, but appeared to include the logo of the Defense R&D Organisation of the Ministry of Defence in India. However, Talos says it has found ..
Support the originator by clicking the read the rest link below.
