Rancor, an advanced persistent threat group operating out of China, was observed using a new malware downloader against the Cambodian government between December 2018 and January 2019. The new loader, dubbed Dudell, is delivered via a spear-phishing email carrying a macro-laden Excel spreadsheet. When the victim opens the spreadsheet and enables macros, the embedded VBA macro connects to the attacker's command-and-control infrastructure to download additional malware such as DDKONG, KHRAT or the Derusbi backdoor. Because the chain only starts once the victim enables macros, blocking or sandboxing macro-enabled Office attachments from external senders stops it before any second-stage payload is fetched. Rancor is expected to continue its cyber-espionage activities in Southeast Asia with the aim of obtaining information that gives its sponsor a political and/or economic edge. The group is able to customise payloads to evade traditional detection solutions and relies on social engineering to compromise targeted agencies and personnel.
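The delivery chain above hinges on a macro-enabled spreadsheet reaching the victim. The following Python script is an added example, not code from the Ensign or Unit 42 reports, showing how a mail gateway or IR script can triage attachments for an embedded VBA project before a user ever sees the "enable macros" prompt. It relies on two facts about the formats: an OOXML workbook (.xlsm/.xlsx) is a zip package whose macros live in a vbaProject.bin part that the package manifest declares with a dedicated content type, while a legacy .xls is an OLE2 compound file whose storage names are stored as UTF-16LE. The OLE2 path is a crude string heuristic and should be replaced by a real parser such as oletools' olevba in production. The sample workbooks are constructed in memory, and the function names are assumptions rather than any library's API.

```python
import io
import zipfile

# Magic bytes of an OLE2 compound file, the container behind legacy .xls/.doc binaries.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# OOXML content type that Office assigns to an embedded VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def classify_office_file(data: bytes) -> dict:
    """Report whether raw Office-document bytes carry a VBA macro project.

    Returns {'container': 'ooxml' | 'ole2' | 'unknown',
             'has_vba': bool,
             'indicators': [str, ...]}   # what tripped the verdict
    """
    result = {"container": "unknown", "has_vba": False, "indicators": []}

    if data.startswith(OLE2_MAGIC):
        # Legacy binary workbook. A reliable verdict needs an OLE directory parser
        # (e.g. oletools' olevba); this heuristic only looks for the UTF-16LE storage
        # name Excel uses for macros (_VBA_PROJECT_CUR) anywhere in the file.
        result["container"] = "ole2"
        if "_VBA_PROJECT".encode("utf-16-le") in data:
            result["has_vba"] = True
            result["indicators"].append("ole2 storage name _VBA_PROJECT")
        return result

    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # neither OLE2 nor a zip package: not a format handled here

    with zf:
        result["container"] = "ooxml"
        names = zf.namelist()
        # Indicator 1: the compiled VBA project is stored as a binary part, normally xl/vbaProject.bin.
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                result["indicators"].append(f"part {name}")
        # Indicator 2: the package manifest declares the vbaProject content type.
        if "[Content_Types].xml" in names:
            manifest = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
            if VBA_CONTENT_TYPE in manifest:
                result["indicators"].append("vbaProject content type in [Content_Types].xml")
    result["has_vba"] = bool(result["indicators"])
    return result


def triage_attachments(attachments: dict) -> list:
    """Return the names of attachments that carry a VBA project, for quarantine or sandboxing."""
    return [name for name, blob in attachments.items() if classify_office_file(blob)["has_vba"]]


def build_sample_workbook(with_macro: bool) -> bytes:
    """Construct a minimal OOXML workbook in memory (constructed test input, not a real document)."""
    main_ct = ("application/vnd.ms-excel.sheet.macroEnabled.main+xml" if with_macro
               else "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml")
    overrides = f'<Override PartName="/xl/workbook.xml" ContentType="{main_ct}"/>'
    if with_macro:
        overrides += f'<Override PartName="/xl/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    manifest = ('<?xml version="1.0" encoding="UTF-8"?>'
                '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                f"{overrides}</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", manifest)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project stream.
            zf.writestr("xl/vbaProject.bin", b"\x00placeholder VBA project\x00")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachments: a macro-enabled workbook, a clean one, and a fake legacy .xls header.
    samples = {
        "budget.xlsm": build_sample_workbook(with_macro=True),
        "budget.xlsx": build_sample_workbook(with_macro=False),
        "legacy.xls": OLE2_MAGIC + b"\x00" * 16 + "_VBA_PROJECT_CUR".encode("utf-16-le"),
    }
    for name, blob in samples.items():
        print(name, classify_office_file(blob))
    print("flag for sandboxing:", triage_attachments(samples))
```

The check is on the container, not the file extension, so a macro-enabled package renamed to .xlsx is still flagged. Treat a positive result as a reason to detonate or quarantine rather than as proof of malice: plenty of legitimate finance spreadsheets carry macros, which is exactly why an external-sender policy is the practical control.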
References: Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia (Palo Alto Networks Unit 42)