Cyberattackers have used JhoneRAT since November and little has changed in their tactics since then, according to Rascagneres. “The purpose of the campaigns were cyber espionage,” Rascagneres said.
The attackers had complete control of the compromised systems. “We don’t know why specifically these countries, the attackers simply hardcoded these countries in the malware.” In a blog post and an email interview, Rascagneres and the Talos team explained that this malware has been used specifically to target people and systems in Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain, and Lebanon. The malware is a Remote Access Trojan, also known as a RAT, that Talos analysts Warren Mercer, Paul Rascagneres, Vitor Ventura, and Eric Kuhla named “JhoneRAT” because it checks for new commands in the tweets from the handle The handle was suspended by Twitter, but JhoneRAT looks for new commands every 10 seconds using an HTML parser to identify new tweets. Security researchers with Cisco’s Talos Security Intelligence and Research Group discovered a new type of malware, which is able to attack a victim’s devices through malicious Microsoft Office documents.