Black Lotus Labs Releases Report on a Suspected Pakistani Threat Actor

Lumen Black Lotus Labs issues important report on suspected Pakistani threat actor targeting victims in South and Central Asia

Actor's capabilities appear to be growing with execution of new, custom-developed framework

Black Lotus Labs, the threat intelligence arm of Lumen Technologies, released a detailed report about a suspected Pakistani threat actor that executed a custom-developed framework to compromise multiple targets in South Asia, including a power company in India.

In the report, Black Lotus Labs details how it detected a new remote access trojan (RAT) it's calling ReverseRat – which was deployed in parallel with an open-source RAT called Allakore – to infect machines and achieve persistence. Based on the team's global telemetry and analysis, it determined that the actor is targeting government and energy organizations in the South and Central Asia regions, and it has operational infrastructure hosted in Pakistan.

Threat Assessment

  • The ReverseRat infection chain is noteworthy because of the steps it takes to avoid detection and the critical nature of the targeted entities.

  • While this threat actor's targets have thus far remained within the South and Central Asian regions, they have proven effective at gaining access to networks of interest.

  • Black Lotus Labs assesses that as this actor continues to develop its capabilities and refine its multi-step infection processes, it could pose a real threat to organizations in and beyond these regions.

Black Lotus Labs Response

  • To combat this campaign, Black Lotus Labs null-routed the actor's infrastructure across the Lumen global IP network and notified the affected organizations.

  • Black Lotus Labs continues to follow this threat group to detect and disrupt similar compromises, and it encourages other organizations to monitor for and address this and similar campaigns in their environments.

  • Black Lotus Labs is committed to tracking adversary groups such as this and documenting their tradecraft to proactively help defenders.

Recommendations

Given the nature of the critical sectors the actor is targeting and the low rate of detection, Black Lotus Labs advises security practitioners to learn the actor's current tactics, tools and procedures (TTPs) to better defend their organizations against potential attacks.

Source: Lumen Technologies media announcement
