SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Researchers believe Gh0st RAT played large role in Asian spying campaign
Description: A joint analysis from two security firms found that malicious actors in Asia are using the Gh0st RAT backdoor to conduct espionage campaigns across the region. The targets allegedly include a government agency, a telecommunications company and a gas company. The RAT allows the adversaries to take screenshots, execute console commands and exfiltrate data to a command and control (C2) server.
Reference: https://www.cisomag.com/a-joint-analysis-reveals-apt-group-spying-activities/
Snort SIDs: 53961, 53962
Title: DenDroid variant goes after Android users in Thailand
Description: Thai Android devices and users are being targeted by a modified version of DenDroid that researchers at Cisco Talos are calling "WolfRAT," which is looking to exploit messaging apps like WhatsApp, Facebook Messenger and Line. Talos assesses with high confidence that this modified version is operated by the infamous Wolf Research. This actor has shown a surprising level of amateur actions, including code overlaps, open-source project copy/paste, classes never being instanced, unstable packages and unsecured panels.
Reference: https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html
Snort SIDs: 54004