Phishing, Threat Intelligence

Italy targeted by Chinese APT attacks


Italian private companies and government agencies were targeted by the Chinese threat operation APT17 (also known as Bronze Keystone, Aurora Panda, Helium, TEMP.Avengers, Elderwood, and Hidden Lynx) in attacks involving a variant of the modular 9002 RAT malware in late June and early July, according to The Hacker News.

Attackers used spear-phishing to lure targets into downloading an MSI installer for Skype for Business from a domain resembling one belonging to the Italian government. When launched, the installer eventually triggered the execution of the 9002 RAT malware variant, an analysis from TG Soft revealed.

Aside from facilitating network traffic tracking and screenshot capturing, 9002 RAT also enabled process management, file enumeration, and further command execution, noted TG Soft researchers. "The malware appears to be constantly updated with diskless variants as well. It is composed of various modules that are activated as needed by the cyber actor so as to reduce the possibility of interception," said researchers.
