Government entities in the Middle East are being targeted by a previously unknown backdoor called CR4T, delivered in a campaign Kaspersky tracks as DuneQuixote. The attackers built the delivery chain around evasion: the samples are designed to reveal little to automated detection and to resist analysis.
- Government entities in the Middle East are under attack by a new backdoor called CR4T as part of the DuneQuixote campaign.
- The attackers built the malware to evade detection and to hinder both manual and automated analysis.
- The attack begins with a dropper that recovers its command-and-control (C2) address at runtime using an unusual decryption technique, so the address is not visible in the file as shipped.
- The dropper then connects to the C2 server and downloads the next-stage payload, which the server only hands over to requests carrying the expected User-Agent; a generic fetch of the same URL from an analyst's machine does not return it.
- The CR4T backdoor allows attackers to execute commands, perform file operations, and communicate with the C2 server.
- An additional Golang version of CR4T has been discovered, indicating that the threat actors are refining their techniques with cross-platform malware.
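The two gating behaviours described in the dropper bullets above, a C2 address that only decrypts under the right conditions and a staging server that only answers the right client, are easier to reason about in code. The following is an added, constructed model written for this page; it is not DuneQuixote code and not Kaspersky's analysis tooling. The page does not describe the decryption scheme, so the example assumes one plausible binding (a key derived from the dropper's own filename plus an embedded constant); the file names, the 198.51.100.7 address (RFC 5737 documentation range), the User-Agent string and the stage-two bytes are all invented for the demo. The point it shows is operational: a renamed sample never recovers its C2, and a correct URL fetched with the wrong client fingerprint gets a decoy page, so sandbox detonations and manual replays must preserve both.

```python
"""Toy model of a staged dropper with two anti-analysis gates.

Constructed example for this page; not DuneQuixote code. The key derivation is
an assumption made for illustration, not the campaign's actual scheme.
Everything runs offline: the 'server' is a function, not a socket.
"""
import hashlib
import os
from itertools import cycle
from typing import Optional

# Constructed constants for this example only.
EMBEDDED_CONSTANT = b"constructed-hardcoded-string"   # stands in for whatever constant a dropper embeds
ORIGINAL_NAME = "Update.exe"                           # name the dropper was delivered under
REAL_C2 = b"http://198.51.100.7/stage2"                # RFC 5737 documentation address
EXPECTED_UA = "Mozilla/5.0 (constructed-example-agent)"
STAGE2 = b"\x4d\x5a constructed stage-two bytes"
DECOY = b"<html><body>404 Not Found</body></html>"


def derive_key(filename: str, constant: bytes) -> bytes:
    """Assumed scheme: key = SHA-256(own filename || embedded constant).

    Binding the key to the filename means a copy that a sandbox renamed to its
    hash (or an analyst renamed to sample.bin) decrypts to garbage."""
    return hashlib.sha256(os.path.basename(filename).encode() + constant).digest()


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; enough for a toy, not a recommendation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


# The dropper as 'shipped' carries only this ciphertext. Built here so the demo
# is self-contained; a real sample would embed the bytes directly.
ENCRYPTED_C2 = xor_stream(REAL_C2, derive_key(ORIGINAL_NAME, EMBEDDED_CONSTANT))


def recover_c2(running_as: str) -> Optional[bytes]:
    """Runtime side: derive the key from the name the process is running under
    and decrypt. Returns None when the result does not look like a URL, which
    is what happens to every renamed copy."""
    plain = xor_stream(ENCRYPTED_C2, derive_key(running_as, EMBEDDED_CONSTANT))
    return plain if plain.startswith(b"http://") else None


def serve_stage(headers: dict) -> tuple:
    """Server-side gate: stage two is returned only to the exact User-Agent the
    dropper sends. Everyone else, including an analyst with curl, sees a decoy.
    Returns (status, body)."""
    if headers.get("User-Agent") != EXPECTED_UA:
        return 404, DECOY
    return 200, STAGE2


def run_sample(running_as: str, ua: str) -> str:
    """Simulate one detonation and classify where the chain stops."""
    c2 = recover_c2(running_as)
    if c2 is None:
        return "c2_unrecoverable"      # renamed sample never phones home
    status, _body = serve_stage({"User-Agent": ua})
    if status != 200:
        return "stage2_withheld"       # right URL, wrong client fingerprint
    return "stage2_obtained"           # original name and exact UA both preserved


if __name__ == "__main__":
    for name, ua in [(ORIGINAL_NAME, EXPECTED_UA),
                     ("8f3a1c.bin", EXPECTED_UA),
                     (ORIGINAL_NAME, "curl/8.5.0")]:
        print(f"{name:12} {ua[:26]:26} -> {run_sample(name, ua)}")
```

For triage this translates into two habits: detonate and replay the dropper under the exact filename it arrived with, and when pulling the second stage by hand, copy the User-Agent (and any other headers) from the sample's own request rather than using a default client. Network detections for this kind of staging can key on the unusual, static User-Agent the dropper is forced to send.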