LTS Secure Warning: Modular RAT “Karagany” Being Used to Target Energy Sectors in Leading Nations

A new, updated version of the Karagany malware has been identified by security researchers, targeting energy companies in leading nations. Karagany is built as a modular RAT and is mostly installed on victim devices using stolen privileged credentials.

 

Technical Details

At its core, the malware has few built-in capabilities. Instead, it gives the remote attacker the ability to:

  • Maintain persistent access to the victim network.
  • Download and execute plugin modules.
  • Upload/download files.

 

Impact

Plugin modules help the attacker:

  • Log the user’s keystrokes.
  • Take screenshots of the desktop.
  • Enumerate file and system information, including directory listings.
  • Steal sensitive/confidential information such as login credentials for banking sites, cookies, etc.

 

Recommended Actions

  • Implement the principle of least privilege.
  • Put software restriction policies in place along with application whitelisting.
  • Inspect SSL traffic at the perimeter.
  • Run a full system scan periodically.