A cyberespionage campaign using the FatalRAT trojan is targeting industrial organizations in the Asia-Pacific region, particularly in Taiwan, China, Japan, Thailand, and Singapore. Suspected Chinese-speaking attackers distribute phishing emails disguised as tax documents, leading to a complex seven-step infection process. The malware leverages cloud services like Youdao Cloud Notes and Tencent Cloud to evade detection and retrieve payloads. FatalRAT includes anti-VM checks, logs keystrokes, and enables remote execution of malicious commands. Kaspersky recommends segmenting networks, monitoring DLL sideloading, and blocking known Indicators of Compromise (IoCs) to mitigate the threat. Continue here.
