MalwareBytes cybersecurity experts find 4 campaigns to spread a RAT with different baits but the same custom malware.
Bitdefender: NAIKON exploited RainyDay to target military organization in Asia. China state-sponsored APT used the backdoor to compromise the victims’ network and to get to the information of interest
RainyDay is a new malware used by the China state-sponsored APT group NAIKON for cyber espionage attacks against military organization in Southeast Asia. It has been discovered by Bitdefender cybersecurity experts. Through the backdoor several other custom-made or public tools were brought during the attack life cycle. The threat actors also performed reconnaissance, uploaded its reverse proxy tools and scanners, executed the password dump tools, performed lateral movement, and achieved persistence. This all to compromise the victims’ network and to get to the information of interest. The persistence mechanism is usually installed manually, as the actor tends to mimic legitimate applications, but in some cases, it is automatically set by the binaries themselves. A second backdoor, Nebulae, was supposedly used as a measure of precaution to not lose the persistence in case any signs of infections get detected.