OceanLotus APT campaign debuts new backdoor that resembles old Korplug RAT

The suspected Vietnamese APT group OceanLotus has added a new backdoor to its repertoire of malicious tools – one that includes capabilities for enabling file, registry and process manipulation, and also downloading more malicious files.

According to a Mar. 13 blog post by ESET researcher Tomas Foltyn, the hackers appear to be delivering the malware via spear phishing and watering hole campaigns, while relying on tried-and-true tactics they have previously used to remain undetected, including heavy code obfuscation and DLL side-loading.

Source: SC Magazine