tldr - powered by Generative AI

Government entities in the Middle East are being targeted by a new backdoor called CR4T, part of a campaign named DuneQuixote, discovered by Kaspersky. The attackers use evasive techniques to avoid detection and analysis.
  • Government entities in the Middle East are under attack by a new backdoor called CR4T as part of the DuneQuixote campaign.
  • The attackers have implemented sophisticated evasion methods to prevent detection and analysis of their malware.
  • The attack starts with a dropper that extracts a command-and-control (C2) address using a novel decryption technique.
  • The dropper establishes connections with the C2 server and downloads a next-stage payload, which remains inaccessible without the correct user agent.
  • The CR4T backdoor allows attackers to execute commands, perform file operations, and communicate with the C2 server.
  • An additional Golang version of CR4T has been discovered, indicating that the threat actors are refining their techniques with cross-platform malware.
Tags: Middle East, CR4T, DuneQuixote, evasion techniques
