QSC: new modular framework in CloudComputating campaigns
Nov. 8, 2024, 6:52 p.m.
Description
Kaspersky researchers discovered QSC, a multi-plugin malware framework used by the CloudComputating group in cyber espionage campaigns. QSC consists of a Loader, Core module, Network module, File Manager module, and Command Shell module, allowing attackers to load specific plugins on demand. The framework was deployed alongside a new Golang-based backdoor called GoClient. Attackers used stolen domain admin credentials to move laterally and deploy QSC on other machines within compromised networks. The campaigns targeted telecommunication companies in South and West Asia, with attackers collecting system information, accessing domain controllers, and exfiltrating sensitive data.
Date
Published: Nov. 8, 2024, 11:37 a.m.
Created: Nov. 8, 2024, 11:37 a.m.
Modified: Nov. 8, 2024, 6:52 p.m.
Attack Patterns
Quarian backdoor
GoClient backdoor
QSC framework
CloudComputating
T1003.003
T1592.004
T1021.002
T1069.002
T1078.002
T1021.001
T1055.001
T1548.002
T1074.001
T1560.001
T1087.002
T1074
T1018
T1012
T1005
T1016
T1082
T1057
T1083
T1055
T1033
T1078
Additional Information
Telecommunications