Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT

Dec. 3, 2024, 3:19 p.m.

Description

The Horns&Hooves campaign, active since March 2023, targets Russian businesses with malicious email attachments containing scripts that install NetSupport RAT or BurnsRAT. The campaign evolved through several versions, improving obfuscation and delivery methods. It uses decoy documents and legitimate-looking file names to trick users. The attackers, likely associated with the TA569 group, gain remote access to infected systems and potentially sell this access to other cybercriminals. The campaign has affected over a thousand users, primarily in Russia, and has been observed attempting to install additional malware like Rhadamanthys and Meduza stealers.

Date

Published: Dec. 2, 2024, 5:08 p.m.

Created: Dec. 2, 2024, 5:08 p.m.

Modified: Dec. 3, 2024, 3:19 p.m.

Attack Patterns

BurnsRAT

Meduza

NetSupport RAT

Rhadamanthys

Mustard Tempest

T1021.001

T1574.002

T1059.003

T1059.001

T1547.001

T1059.007

T1573

T1105

T1219

T1036

T1204

T1140

T1027

T1566

Additional Information

Retail

Russian Federation