IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cybersecurity
#
CIOs
#
Cybercriminals
Group-IB uncovers new Linux RAT targeting Thai company networks
Fri, 8th Dec 2023
Author image
By Catherine Knowles, Journalist
Follow us

Cybersecurity pioneer Group-IB has exposed a new Linux Remote Access Trojan (RAT), known as Krasue, being used covertly by cyber criminals to infiltrate company networks based solely within Thailand.

The Trojan, named after a nocturnal spirit from Thai mythology by the Group-IB Threat Intelligence unit, has been active since at least 2021 and was initially used against telecommunication companies in the nation.

The RAT's primary function is to maintain access to a targeted network, employing tactics such as vulnerability exploitation, credential brute force attacks, or deceptive package downloads, according to Group-IB.

On discovery of this threat, Group-IB swiftly notified their Threat Intelligence customers and published YARA rules on their blog to aid organisations in actively seeking out this threat.

Krasue's rootkit, key to the attack's success, shares characteristics with open-source Linux Kernel Module rootkits and shows multiple similarities to another Linux malware, XorDdos. This correlation suggests a likely connection between the two malicious entities.

The deployment of this malware could be part of a botnet strategy or potentially offering access to Krasue to other cyber criminal guilds like ransomware gangs, by initial access brokers (IAB).

According to Benyatip Hongto, Group-IB's Business Development Manager in Thailand, the timely response to this discovery was integral in combating this threat.

He stressed, "Group-IB's rapid response upon discovery of this malware and information sharing with ThaiCERT and TTC-CERT are vital steps towards countering this threat. Group-IB will continue to monitor Krasues spread both within Thailand and in other geographies, and take all measures to proactively inform affected parties."

In order to intensify their response to increasing cyber risks in Thailand, Group-IB has announced plans to launch a Digital Crime Resistance Center in the country in March 2023. This move aims to bolster their dedication to the promotion and enhancement of cybersecurity capabilities within Thailand and beyond.

The Group has also joined forces with major Thai organisations including nForce and the Defence Technology Institute, hoping to boost shared knowledge and collaboration in cybersecurity practices.

Building on this momentum, Group-IB signed a memorandum of understanding with theDefence Technology Institute, a government agency under the supervision of the Minister of Defence of Thailand, in May 2023, to enhance knowledge sharing and collaboration in the development of the Defense Technology Institute Cyber Academy Program.

Hongto reaffirmed that the disclosure of this sophisticated malware targeting Thailand-based organisations underlines the need for constant vigilance and proaction to thwart such threats.

Related stories
GitHub's 2FA initiative helps secure software supply chain
Kyriba reveals $95 billion currency effect in global liquidity report
ExtraHop report shows Singapore firms vulnerable to ransomware attacks
Ransomware threats escalating in Southeast Asia – report
AI tools linked to data exposure in 1 in 5 UK organisations
Top stories
Third-party risk: A growing threat in today's interconnected world
Yokogawa collaborates with Fortinet for secure IT/OT integration
How blending ICT environments can elevate or impede your financial services merger
The best management consulting clubs (Benefits + fees)
Zscaler introduces enhanced ZDX service for improved IT operations