In February 2024, Kaspersky researchers discovered a new malware campaign targeting government entities in the Middle East.
They dubbed it “DuneQuixote”; and their investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions – regular droppers and tampered installer files for a legitimate tool named “Total Commander”, carried malicious code to download an additional payload in the form of a backdoor Kaspersky call “CR4T”. While the researchers identified only two CR4T implants at the time of discovery, they strongly suspect the existence of others, which may be completely different malware.
Read more…
Source: Kaspersky
Related:
- SideWinder targets the maritime and nuclear sectors with an updated toolset
March 10, 2025
Last year, Kaspersky researchers published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In the article, they described activities that had mostly happened in the first half of the year. The researchers tried to draw attention to the group, ...
- Threat Actor Delivers Highly Targeted Multistage Polyglot Malware
March 4, 2025
In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano. Proofpoint uses the UNK_ designator to define clusters of activity that are still developing and have ...
- Operation sea elephant: The dying walrus wandering the Indian Ocean
March 3, 2025
Operation Sea Elephant aims to spy on Chinese scientific research achievements in the field of ocean to ensure the dominance of a certain country in South Asia in the Indian Ocean. In mid-2024 QiAnXin Threat Intelligence Center researchers discovered the South Asian direction attack collection numbered UTG-Q-011, which, despite the fact that the collection’s subsequent plug-ins differed ...
- Angry Likho: Old beasts in a new forest
February 21, 2025
Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we’ve been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we’ve analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho’s attacks tend to be targeted, with a more compact infrastructure, a limited ...
- Philippines reports foreign cyber intrusions targeting intelligence data, but no breaches
February 18, 2025
The Philippines has detected foreign attempts to access intelligence data, but its cyber minister said on Tuesday no breaches have been recorded so far. Attempts to steal data are wide-ranging, said minister for information and communications Ivan Uy. Advanced Persistent Threats or APTs have repeatedly attempted but failed to infiltrate government systems, suggesting the country’s cyber-defences ...
- China’s Salt Typhoon hackers continue to breach telecom firms despite US sanctions
February 13, 2025
Security researchers say the Chinese government-linked hacking group, Salt Typhoon, is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group. In a report shared with TechCrunch, threat intelligence firm Recorded Future said it had observed Salt Typhoon — which the company tracks as “RedMike” — breaching five telecommunications ...