Recently, there has been a rise in incidences of hackers using “ Remote Administration Tools ” to control the infected system and bypass protection technologies.
Remote administration tools are software that allows managing and controlling terminals from a remote location.
The tools can be used for work-from-home purposes as well as remote control, management, and maintenance of unmanned devices. “Remote Administration Tools,” or RATs, are legitimately utilized remote control tools.
“By installing remote administration tools in a target system, the threat actor was able to simultaneously obtain control over the system and bypass anti-malware security products”, AhnLab shared in a report with GBHackers On Security.
Using Remote Administration Tools to Control Infected Systems
AnyDesk is a remote control application with many functions, including file transfer and remote desktop. Remote desktop is a program that allows a user to access and control an environment remotely where RDP or AnyDesk is installed.
In this case, attackers like the Conti ransomware group are known to connect AnyDesk with Cobalt Strike in an attempt to take control of a company’s internal network.
Remote control using AnyDesk NetSupport is also a remote control program that also offers functions including sharing clipboard contents, taking screenshots, gathering browser history data, managing files, and executing commands.
It doesn’t require an installation process using a standard installer; it can be operated with just the essential internal files. Up until recently, it was disseminated by spam emails that purported to be purchase orders, shipment documents, invoices, or even phishing pages that tricked users into installing it themselves by pretending to be SocGholish software update pages.
NetSupport execution log – EDR detection Chrome Remote Desktop is a feature that Google provides. The Chrome web browser can be used to operate a system remotely that has the remote desktop program installed and associated with a user account.
Attacks by the Kimsuky group , which is believed to have North Korean support, are typically carried out to steal technology and confidential data from businesses. To remotely control the compromised system, the group would install malware such as VNC or activate RDP after installing backdoor-type malware.
EDR detection of a suspicious Chrome Remote Desktop execution Chrome Remote Desktop has been used to take control of compromised PCs in certain recent situations.
Final Thoughts
AhnLab EDR gathers and provides relevant data, even when users utilize remote administration tools for legitimate remote control reasons. This enables administrators to identify and address suspicious behavior.
Additionally, when suspicious conditions lead to the installation of remote administration tools, these behaviors are recognized as threats, allowing administrators to determine the root cause, take appropriate action, and set up procedures to prevent recurrence.
The post Hackers are Increasingly Using Remote Admin Tools to Control Infected Systems appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform .
Top News
-
U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a...
-
Lừa đảo mạo danh ‘nở rộ’ trên không gian mạng và ngày càng tinh vi
Dù hình thức không mới song lừa đảo mạo danh hiện vẫn đang khiến nhiều người dân tại Việt Nam và trên thế giới sập bẫy, bị chiếm đoạt tài sản.
-
Lừa đảo đánh cắp mã OTP tinh vi, tấn công mạng tận dụng lỗ hổng mới
Xuất hiện lừa đảo đánh cắp mã OTP tinh vi; Hacker gia tăng tốc độ tận dụng các lỗ hổng mới,... là những thông tin công nghệ trong nước nổi bật...
-
Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users
Hackers are targeting, attacking, and exploiting ML models. They want to hack into these systems to steal sensitive data, interrupt services, or...
-
Sleepy Pickle - Kỹ thuật tấn công mới nhắm vào các mô hình học máy
Sleepy Pickle là một kỹ thuật tấn công mới lạ và bí mật nhắm vào chính mô hình ML (Machine Learning) thay vì hệ thống cơ bản. {...