Researchers at Cisco Talos this morning released a report describing cyberespionage against Uzbekistan and the Republic of Korea. They call the remote access Trojan (RAT) being used „SugarGh0st,“ which they regard as a descendant of the venerable Gh0st RAT. The initial attack is phishing, with bait documents tailored to the targets‘ presumed interests. Two different infection chains have been observed: „One of the infection chains decrypts and executes the SugarGh0st RAT payload, the customized variant of the Gh0st RAT.
Erhalten Sie neue, wertvolle Security-Einblicke direkt in Ihren Posteingang:
