By Asheer Malhotra.
- Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.”
- These maldocs use malicious macros to deliver the second stage RAT payload.
- This campaign appears to target organizations in Southeast Asia.
- Network-based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security.
Cisco Talos has recently discovered a new campaign distributing a malicious remote access trojan (RAT) family we’re calling “ObliqueRAT.” Cisco Talos also discovered a link between ObliqueRAT and another campaign from December 2019 that distributed CrimsonRAT using similar maldocs and macros. CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.