The report further highlights a rising trend in October 2023 in cyber threats targeting government agencies and organisations, especially in the Middle East and Africa, with remote access trojan (RAT) malware.
RATs are malware designed to allow a hacker to remotely control an infected computer. Once the RAT is running on a compromised system, the attacker can send commands to it and receive data back in response.
The report highlights the expanding reach of the sophisticated RATs AgentTesla and NJRat, driven by a new and complex mal-spam campaign using corrupted email attachments.
AgentTesla was found being disseminated through archive files that contained a malicious file with the Microsoft Compiled HTML Help (.CHM) extension.
These files, disguised as typical order and shipment documents, were distributed via emails with .GZ or .zip attachments, tricking recipients into downloading the malware.
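As an added example (not part of the report or the original article), a mail-gateway style check for the delivery pattern described above: it looks inside a .zip or .gz attachment for a CHM file, by name or by the `ITSF` file signature. The function names and sample attachments are constructed for illustration.

```python
import gzip
import io
import zipfile
import zlib

CHM_MAGIC = b"ITSF"  # first four bytes of a Compiled HTML Help file

def _is_chm(member_name: str, head: bytes) -> bool:
    # Flag on either signal: the file may have been renamed, and an
    # encrypted archive member exposes only its name.
    return member_name.lower().endswith(".chm") or head.startswith(CHM_MAGIC)

def find_chm_members(attachment_name: str, data: bytes) -> list[str]:
    """Return names of CHM payloads inside a .zip or .gz attachment."""
    hits = []
    if data[:2] == b"\x1f\x8b":  # gzip magic: a single compressed stream
        try:
            head = gzip.GzipFile(fileobj=io.BytesIO(data)).read(4)
        except (OSError, EOFError, zlib.error):
            head = b""  # corrupt stream: fall back to the name only
        inner = attachment_name[:-3] if attachment_name.lower().endswith(".gz") else attachment_name
        if _is_chm(inner, head):
            hits.append(inner)
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                head = b""
                if not info.is_dir() and not info.flag_bits & 0x1:  # bit 0 = encrypted
                    try:
                        with zf.open(info) as fh:
                            head = fh.read(4)
                    except (zipfile.BadZipFile, OSError, zlib.error, NotImplementedError):
                        pass  # unreadable member: name check still applies
                if _is_chm(info.filename, head):
                    hits.append(info.filename)
    return hits

def _make_zip(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample attachments: only the 4-byte signature, no real CHM content.
FAKE_CHM = CHM_MAGIC + b"\x00" * 60
SAMPLE_ZIP = _make_zip({"Order_4471.chm": FAKE_CHM, "readme.txt": b"hello"})
SAMPLE_RENAMED = _make_zip({"shipment.pdf": FAKE_CHM})
SAMPLE_GZ = gzip.compress(FAKE_CHM)
```

A non-empty result is a reason to quarantine the message for review; CHM files have few legitimate uses as email attachments.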
Once installed, AgentTesla exhibits a range of harmful capabilities, including keylogging, capturing clipboard data, accessing file systems, and secretly transmitting stolen data to a Command and Control (C&C) server.
NJRat has multiple capabilities: capturing keystrokes, accessing the victim’s camera, stealing credentials stored in browsers, uploading and downloading files, performing process and file manipulations, and viewing the victim’s desktop.
It infects victims via phishing attacks and drive-by downloads, and propagates through infected USB keys or networked drives, with the support of Command & Control server software. NJRat’s impact in South Africa is just above 2% while Morocco is at 8%, with wider use against Middle Eastern government organisations.
Here are the top-ranked countries on the Global Threat Index for cyber attacks.
|Country||Normalised Threat Index||Global Rank|