Cisco Talos discover Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure.
- Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting user’s information.
- … the victims of this campaign are primarily distributed across the United States, Italy and Singapore.
- The actor used complex obfuscation techniques in the downloader script. Each stage of the deobfuscation process results with the decryption methods for the subsequent stages to finally arrive at the actual malicious downloader method.
- … the latest example of threat actors abusing cloud services like Microsoft Azure and Amazon Web Services and are actively misusing them to achieve their malicious objectives.
- The actor is using the DuckDNS dynamic DNS service to change domain names of the C2 hosts.
