Researchers at Cisco Talos this morning released a report describing cyberespionage against Uzbekistan and the Republic of Korea. They call the remote access Trojan (RAT) being used “SugarGh0st,” which they regard as a descendant of the venerable Gh0st RAT. The initial attack is phishing, with bait documents tailored to the targets’ presumed interests. Two different infection chains have been observed: “One of the infection chains decrypts and executes the SugarGh0st RAT payload, the customized variant of the Gh0st RAT.
Get the latest & greatest cybersecurity insights straight to your inbox:
