QSC: new modular framework in CloudComputating campaigns

Nov. 8, 2024, 6:52 p.m.

Description

Kaspersky researchers discovered QSC, a multi-plugin malware framework used by the CloudComputating group in cyber espionage campaigns. QSC consists of a Loader, Core module, Network module, File Manager module, and Command Shell module, allowing attackers to load specific plugins on demand. The framework was deployed alongside a new Golang-based backdoor called GoClient. Attackers used stolen domain admin credentials to move laterally and deploy QSC on other machines within compromised networks. The campaigns targeted telecommunication companies in South and West Asia, with attackers collecting system information, accessing domain controllers, and exfiltrating sensitive data.

Date

Published: Nov. 8, 2024, 11:37 a.m.

Created: Nov. 8, 2024, 11:37 a.m.

Modified: Nov. 8, 2024, 6:52 p.m.

Attack Patterns

Quarian backdoor

GoClient backdoor

QSC framework

CloudComputating

T1003.003

T1592.004

T1021.002

T1069.002

T1078.002

T1021.001

T1055.001

T1548.002

T1074.001

T1560.001

T1087.002

T1074

T1018

T1012

T1005

T1016

T1082

T1057

T1083

T1055

T1033

T1078

Additional Information

Telecommunications