Arbor Networks Uncovers Multi-Stage Attack Campaign
Arbor Networks, the security division of NETSCOUT, has released a new ASERT Threat Intelligence Report detailing an attack campaign involving various government websites and non-governmental organisations. This threat campaign involves a newly discovered Remote Access Trojan (RAT) named ‘Trochilus.’ Believed to be driven by East Asian threat actors, Trochilus is part of a seven-piece malware cluster that offers threat actors a variety of capabilities, including espionage and the means to move laterally within target networks to achieve more strategic access.
This is the first instance of the Trochilus RAT observed by Arbor’s Security Engineering & Response Team (ASERT) on the global Internet. ASERT is unaware of any public reference to this malware being used in targeted threat campaigns.
In 2015, Arbor Networks and other research organisations discovered the PlugX and EvilGrab malware targeting government websites in Asia. After delivering initial findings to the regional Computer Emergency Response Teams (CERTs), additional malware was subsequently discovered and removed from related sites. The presence of new malware after the initial notification process from Arbor indicates an ongoing campaign and suggests persistent, resourceful actors are involved. In addition to updating security policies in Arbor’s products, ASERT regularly shares its operational insight with the threat intelligence and incident response community, hundreds of international CERTs and thousands of network operators around the world.