Romanian cybersecurity firm flushes out 'RadRAT' espionage tool
London: Bucharest-headquartered cybersecurity company Bitdefender has flushed out "RadRAT", a powerful all-in-one toolkit for complex espionage operations that apparently went unnoticed from 2015 onwards.
This advanced remote access tool, which offers full control over compromised computers, has been operating since at least 2015, the company said in a statement.
The tool has been used in targeted attacks aimed at exfiltrating information from, or monitoring victims in, enterprises and large businesses running Windows.
"Our interest was stirred by its remote access capabilities, which include unfettered control of the compromised computer, lateral movement across the organisation and rootkit-like detection-evasion mechanisms," the company said in its research.
In addition to its very powerful data exfiltration mechanisms, "RadRAT" features interesting lateral movement mechanisms, including credential harvesting and using the infected machine to retrieve a Windows password, among others.
RadRAT's current command set supports 92 instructions.
For file or registry operations, for example, the attacker can use the tool to gain specific knowledge about the file layout and registry data of the victim machine or of network-connected machines.
The attacker has the ability to read any file, list the shares of machines on the network, obtain a list of files inside a directory or get their sizes.
Some advanced commands operate on chunks of larger files: they can read a chunk, compute and compare hashes of byte sections inside the file, and upload only the chunks that are needed.
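To make the chunked-read-and-hash-compare mechanism concrete, here is an added example (not code from Bitdefender's research or from RadRAT itself) that shows how per-chunk hashes let a file transfer skip byte sections the receiving side already holds and resume after an interruption. The chunk size of 4096 bytes, the use of SHA-256 as the hash, and the sample file contents are all assumptions made for the illustration; the article states neither the chunk size nor the hash algorithm RadRAT uses.

```python
import hashlib
from typing import List

# Assumed chunk size; the article gives no figure for RadRAT.
CHUNK_SIZE = 4096


def chunk_hashes(data: bytes, chunk_size: int = CHUNK_SIZE) -> List[str]:
    """Hash every fixed-size byte section of data.

    The final chunk may be shorter than chunk_size; an empty file yields
    no chunks at all. SHA-256 is an assumption made for this example.
    """
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    return [
        hashlib.sha256(data[i:i + chunk_size]).hexdigest()
        for i in range(0, len(data), chunk_size)
    ]


def read_chunk(data: bytes, index: int, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Return the index-th byte section of data (the 'read a chunk' command)."""
    start = index * chunk_size
    if start >= len(data):
        raise IndexError(f"chunk {index} is beyond the end of the file")
    return data[start:start + chunk_size]


def chunks_to_upload(local: bytes, remote_hashes: List[str],
                     chunk_size: int = CHUNK_SIZE) -> List[int]:
    """Compare local chunk hashes against what the other side reports.

    remote_hashes is the list the receiving side already holds (empty on a
    fresh transfer). Any chunk whose hash differs, or that the remote side
    does not have yet, must be uploaded; everything else can be skipped.
    """
    local_hashes = chunk_hashes(local, chunk_size)
    return [
        i for i, h in enumerate(local_hashes)
        if i >= len(remote_hashes) or remote_hashes[i] != h
    ]


def plan_transfer(local: bytes, remote_hashes: List[str],
                  chunk_size: int = CHUNK_SIZE) -> List[bytes]:
    """Return the byte sections that would actually be sent, in order."""
    return [read_chunk(local, i, chunk_size)
            for i in chunks_to_upload(local, remote_hashes, chunk_size)]


if __name__ == "__main__":
    # Constructed sample: a 10240-byte file (two full chunks plus a half chunk).
    original = bytes(range(256)) * 40
    # A later version of the same file with a single byte flipped in chunk 1.
    modified = bytearray(original)
    modified[5000] ^= 0xFF
    modified = bytes(modified)

    # Fresh transfer: the remote side has nothing, so every chunk goes.
    print("fresh:", chunks_to_upload(original, []))
    # Incremental transfer: only the chunk containing the changed byte goes.
    print("incremental:", chunks_to_upload(modified, chunk_hashes(original)))
    print("bytes sent:", sum(len(c) for c in plan_transfer(modified, chunk_hashes(original))))
```

From the defender's side, the same mechanism explains why a tool of this kind produces many small sequential reads of one large file rather than a single bulk read, and why a repeated collection run against an unchanged file may generate almost no upload traffic at all.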