DinodasRAT used against governmental entity in Guayana – Week in security with Tony Anscombe

7 months ago AndyC

Video
The backdoor can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing various actions on a victim’s machine

Video

The backdoor can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing various actions on a victim’s machine

Editor

06 Oct 2023

This week, ESET researchers released their findings about a cyberespionage campaign that took aim at a Guyanese governmental entity. Named Operation Jacana by ESET, the campaign deployed a previously undocumented backdoor, DinodasRAT, that can exfiltrate files, manipulate Windows registry keys, and execute commands that are capable of performing various actions on a victim’s machine. Apart from DinodasRAT, the attackers also deployed a variant of Korplug (PlugX), leading the researchers to suspect that the campaign is the work of China-aligned operators.

Learn more about the attack in our technical blogpost here:

Operation Jacana: Foundling hobbits in Guyana

Connect with us on FacebookTwitterLinkedInInstagram.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

19 hours ago AndyC
What makes Starmus unique? A Q&A with award-winning filmmaker Todd Miller

What makes Starmus unique? A Q&A with award-winning filmmaker Todd Miller

3 days ago AndyC
How technology drives progress: A Q&A with Nobel laureate Michel Mayor

How technology drives progress: A Q&A with Nobel laureate Michel Mayor

3 days ago AndyC
The vision behind Starmus: A Q&A with the festival’s co-founder Garik Israelian

The vision behind Starmus: A Q&A with the festival’s co-founder Garik Israelian

3 days ago AndyC

Protecting yourself after a medical data breach – Week in security with Tony Anscombe

1 week ago AndyC
The many faces of impersonation fraud: Spot an imposter before it’s too late

The many faces of impersonation fraud: Spot an imposter before it’s too late

1 week ago AndyC

You may have missed

Hackers may have accessed thousands of accounts on California state welfare platform

Hackers may have accessed thousands of accounts on California state welfare platform

16 hours ago AndyC

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

19 hours ago AndyC
Brokewell supports an extensive set of Device Takeover capabilities

Brokewell supports an extensive set of Device Takeover capabilities

22 hours ago AndyC
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

22 hours ago AndyC
Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

1 day ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.