#cybersecurity | hacker | PupyRAT found sniffing around EU energy concern







A command and control server used by the Iranian-associated PupyRAT has been communicating with the mail server of a European energy sector organization for the last several months.


Recorded Future’s Insikt Group reported PupyRAT, a remote access trojan, had been chatting with the mail server from November 2019 until about January 5, 2020. The security firm could not solidly confirm through the metadata viewed that PupyRAT had been able to compromise its target, but Insikt Group researchers believe the amount of traffic between the targeted mail server and a PupyRAT C2 is sufficient to indicate a likely intrusion.


PupyRAT is an open-source malware generally used by organizations as a “red team” tool, but Insikt Group noted it has previously been used by Iranian groups, including APT33 and Cobalt Gypsy.


“Whoever the attacker is, the targeting of a mail server at a high-value critical infrastructure organization could give an adversary access to sensitive information on energy allocation and resourcing in Europe,” the report said.


The researchers pointed out PupyRAT’s possible intrusion of the mail server predated the recent tensions that have arisen between the United States and Iran, indicating the activity is likely part of an ongoing cyberespionage campaign aimed at the European energy sector.


