A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan.
Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy “dozens of digitally signed variants” of the Bandook Windows Trojan over the past year, thus once again “reigniting interest in this old malware family.”
The different verticals singled out by the threat actor include government, financial, energy, food industry, healthcare, education, IT, and legal institutions located in Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey, and the US.
The unusually large variety of targeted markets and locations “reinforces a previous hypothesis that the malware is not developed in-house and used by a single entity, but is part of an offensive infrastructure sold by a third party to governments and threat actors worldwide, to facilitate offensive cyber operations,” the researchers said.
Dark Caracal’s extensive use of Bandook RAT to execute espionage on a global scale…