Amazon and Azure Cloud Services Abused in a Malicious Trio RAT Campaign

Researchers have identified a malicious campaign leveraging a trio of remote access trojans that target Amazon Web Services (AWS) along with Azure Cloud Services. The threat actors’ goal is to steal victims’ data and carry out RCE (remote code execution).

What RATs Are Leveraged in This Triad?

Experts from Cisco Talos published a report on this topic. According to them, the following malware families were used in this trio RAT campaign: AsyncRAT, NetwireRAT, and Nanocore.

AsyncRAT

AsyncRAT lets an operator control and monitor computers over encrypted connections to a C2 server. Threat actors can steal confidential data through its keylogger, screen recorder, and system configuration manager features.

NetwireRAT

NetwireRAT is used to steal passwords, login credentials, and payment information. Hackers can also use it to gather file-system data or remotely execute commands.

Nanocore

Nanocore is a 32-bit .NET portable executable (PE) and consists of 2 plugins dubbed SurveillanceEx and Client. The first captures video and audio, while the second manages communications with the C2 server.

The Trio RAT Campaign: Details

As researchers highlight, hackers have been using malware variants like AsyncRAT, Netwire, and Nanocore since October to target Italy, the United States, Singapore,

Read More: https://heimdalsecurity.com/blog/amazon-and-azure-cloud-services-abused-in-a-malicious-trio-rat-campaign-remote-access-trojan/