ObliqueRAT: New RAT hits victims’ endpoints via malicious documents

By Talos Group By Asheer Malhotra.
Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.”
These maldocs use malicious macros to deliver the second stage RAT payload.
This campaign appears to target organizations in Southeast Asia.
Network based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security.

What’s New?
Cisco Talos has recently discovered a new campaign distributing a malicious remote access trojan (RAT) family we’re calling “ObliqueRAT.” Cisco Talos also discovered a link between ObliqueRAT and another campaign from December 2019 distributing CrimsonRAT sharing similar maldocs and macros. CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.
Read More>>
The post ObliqueRAT: New RAT hits victims‘ endpoints via malicious documents appeared first on Cisco Blogs.

Source:: Cisco Security Notice