Cryptolaemus cybersecurity experts: The malware distribution process is the same used to distribute BazarLoader.
Cisco Talos: Afghanistan and India targeted with a bunch of commodity RATs. The attacker, a single actor, deploys a variety of malware, such as DcRAT and QuasarRAT, via diplomatic and humanitarian lures
A cybercrime actor is targeting Afghanistan and India with a bunch of commodity RATs. It has been discovered by Cisco Talos cybersecurity experts. The campaign consists of two phases: A reconnaissance phase that involves a custom file enumerator and infector to the victims and an attack phase that deploys a variety of malware, such as DcRAT and QuasarRAT. The threat actor registered multiple domains with political and government themes. These domains hosted malware payloads that were distributed to their victims. Their malicious lures also contained themes related to Afghan entities, specifically diplomatic and humanitarian efforts. Researchers assess with high confidence that behind these attacks there is an individual operating under the guise of a Pakistani IT firm called “Bunse Technologies.”