RATicate Group Hits Industrial Firms With Revolving Payloads


At least six separate campaigns have been tied to RATicate, with the first wave starting November and the most recent spotted in March. All campaigns leveraged Nullsoft Scriptable Install System (NSIS), a legitimate, open-source tool used to create Windows installers, to ultimately drop various remote access trojans (RATs) on victims’ systems.

More recently, “a new campaign we believe connected to the same actors leverages concern about the global COVID-19 pandemic to convince victims to open the payloads,” said Markel Picado, threat researcher with SophosLabs, in a Thursday analysis. “This is a shift in tactics, but we suspect that this group constantly changes the way they deploy malware — and that the group has conducted campaigns prior to this past November.”

Read more…
Source:  ThreatPost