Bitdefender, a Romanian Cybersecurity firm, has flushed out a powerful all-in-one toolkit for espionage operations dubbed “RadRAT,” which it became aware of in February this year. The toolkit is an advanced remote access tool that allows full control over seized computers.
“Buried in the malware zoo, the threat seems to have been operational since at least 2015, undocumented by the research community,” the company said in a post.
RadRAT offers powerful remote access options that allow “unfettered control of the compromised computer, lateral movement across the organization and rootkit-like detection-evasion mechanisms.”
“Powered by a vast array of features, this RAT was used in targeted attacks aimed at exfiltrating information or monitoring victims in large networked organizations,” the post read.
Apart from its data exfiltration mechanisms, it also features lateral movement mechanisms such as credentials harvesting, NTLM hash harvesting, retrieving a Windows password, and more, and its command set currently supports 92 instructions.
These commands can be used for various malicious purposes, including file or registry operations, data theft operations, network operations, operations on processes, system information, propagation, and more.
“Unfortunately, while our information about the behavior and technical implementation of this remote access toolkit is complete, we can only guess at the original infection vector, which is most likely a spear phishing e-mail or an exploit,” the cybersecurity firm wrote in its whitepaper on the toolkit.
“Buried in the malware zoo, the threat seems to have been operational since at least 2015, undocumented by the research community,” the company said in a post.
RadRAT offers powerful remote access options that allow “unfettered control of the compromised computer, lateral movement across the organization and rootkit-like detection-evasion mechanisms.”
“Powered by a vast array of features, this RAT was used in targeted attacks aimed at exfiltrating information or monitoring victims in large networked organizations,” the post read.
Apart from its data exfiltration mechanisms, it also features lateral movement mechanisms such as credentials harvesting, NTLM hash harvesting, retrieving a Windows password, and more, and its command set currently supports 92 instructions.
These commands can be used for various malicious purposes, including file or registry operations, data theft operations, network operations, operations on processes, system information, propagation, and more.
“Unfortunately, while our information about the behavior and technical implementation of this remote access toolkit is complete, we can only guess at the original infection vector, which is most likely a spear phishing e-mail or an exploit,” the cybersecurity firm wrote in its whitepaper on the toolkit.