Weekly Comments

17 - 24 December 2019

An advanced persistent threat group operating out of China has been observed using a new malware downloader against the Cambodian government.

Rancor, an advanced persistent threat group operating out of China, was observed using a new malware downloader against the Cambodian government between December 2018 and January 2019. The new loader, dubbed Dudell, is delivered via a spear-phishing email carrying a macro-laden Excel spreadsheet. When the victim opens the spreadsheet and enables macros, a VBScript establishes a connection to the attacker's command-and-control infrastructure to download additional malware such as DDKONG, KHRAT or the Derusbi backdoor. Rancor is expected to continue its cyber espionage activities in the Southeast Asia region with the aim of obtaining information that gives its sponsor a political and/or economic edge. The group has the capability to customise payloads that evade traditional detection solutions and will rely on social engineering to compromise targeted agencies and personnel.
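The delivery chain above (Office document, enabled macro, script interpreter, outbound connection to C2) is visible in endpoint telemetry. The following is an added detection example, not part of the original report or Ensign's tooling: it runs two simple rules over constructed Sysmon-style events (Event ID 1 process creation, Event ID 3 network connection), flagging Office applications that spawn a scripting interpreter and Office applications that initiate their own outbound connections. The process list, field names and sample events are assumptions for illustration.

```python
from typing import List, Optional, Tuple

# Office applications that should not normally spawn interpreters or beacon out.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Interpreters and living-off-the-land binaries a macro typically hands off to
# (assumed starting list; tune for your estate).
SUSPICIOUS_CHILDREN = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}

def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def evaluate(event: dict) -> Optional[str]:
    """Return a reason string if the event matches the macro-to-C2 pattern, else None."""
    if event.get("EventID") == 1:  # Sysmon process creation
        parent, child = basename(event.get("ParentImage", "")), basename(event.get("Image", ""))
        if parent in OFFICE_APPS and child in SUSPICIOUS_CHILDREN:
            return f"{parent} spawned {child}"
    elif event.get("EventID") == 3:  # Sysmon network connection
        image = basename(event.get("Image", ""))
        # Office does talk to Microsoft services legitimately; in production add an
        # allowlist of known destinations here. Loopback traffic is ignored.
        if image in OFFICE_APPS and event.get("Initiated") \
                and not str(event.get("DestinationIp", "")).startswith("127."):
            return f"{image} initiated outbound connection to " \
                   f"{event['DestinationIp']}:{event['DestinationPort']}"
    return None

def scan(events: List[dict]) -> List[Tuple[int, str]]:
    """Run evaluate() over every event and collect (index, reason) hits."""
    hits = []
    for index, event in enumerate(events):
        reason = evaluate(event)
        if reason:
            hits.append((index, reason))
    return hits

# Constructed sample events (not telemetry from the Rancor report); 203.0.113.10 is a
# documentation address standing in for a C2 server.
OFFICE = r"C:\Program Files\Microsoft Office\Office16"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": OFFICE + r"\EXCEL.EXE", "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\wscript.exe", "ParentImage": OFFICE + r"\EXCEL.EXE"},
    {"EventID": 3, "Image": OFFICE + r"\EXCEL.EXE", "Initiated": True,
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 1, "Image": r"C:\Windows\splwow64.exe", "ParentImage": OFFICE + r"\WINWORD.EXE"},
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "Initiated": True, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

if __name__ == "__main__":
    for index, reason in scan(SAMPLE_EVENTS):
        print(f"event {index}: {reason}")
```

Only the Excel-spawns-wscript and Excel-beacons-out events fire; the benign Excel launch, Word's print helper and the browser connection do not.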

References:

Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
