A command and control server for PupyRAT, a remote access trojan associated
with Iranian threat groups, has been communicating with the mail server of a
European energy sector organization for the last several months.
Insikt Group reported that PupyRAT, a remote access trojan, had been
communicating with the mail server from November 2019 until about January 5,
2020. The security firm could not solidly confirm from the metadata it viewed
that PupyRAT had actually compromised its target, but Insikt Group researchers
believe the volume of traffic between the targeted mail server and a PupyRAT C2
is sufficient to indicate a likely intrusion.
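The inference above rests on connection metadata alone: a server that keeps talking to one external host, day after day, for weeks. The following Python is an added example, not Insikt Group's tooling or anything from the report, showing how that hunt looks over flow records. The flow records are constructed, the addresses are RFC 5737 documentation ranges (not real indicators), and the 43-day window, the internal networks and the allow-listed relay are all assumptions made for the illustration.

```python
"""Hunt for sustained contact between an internal server and a single external
host using only flow metadata (timestamp, source, destination, port, bytes).
Example code added to this article; the data below is constructed."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed site-specific internal ranges. ipaddress.is_private is deliberately
# not used: it also matches the RFC 5737 documentation ranges used below.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

MAIL_SERVER = "10.0.5.20"      # hypothetical internal mail server
C2_HOST = "203.0.113.10"       # hypothetical C2 address (TEST-NET-3 placeholder)
RELAY_HOST = "198.51.100.5"    # hypothetical legitimate outbound smart host


def build_sample_flows():
    """Construct (timestamp, src, dst, dst_port, bytes_out) records offline.
    Covers 2019-11-24 through 2020-01-05: 43 calendar days."""
    flows = []
    start = datetime(2019, 11, 24, 2, 0)
    for day in range(43):
        t = start + timedelta(days=day)
        # one small daily session with the hypothetical C2 on 443
        flows.append((t, MAIL_SERVER, C2_HOST, 443, 1800 + 40 * day))
        # one large daily delivery to the legitimate relay
        flows.append((t + timedelta(hours=6), MAIL_SERVER, RELAY_HOST, 25, 250_000))
        # ordinary SMTP to a different external MX host each day
        flows.append((t + timedelta(hours=9), MAIL_SERVER,
                      f"198.51.100.{100 + day}", 25, 60_000))
    return flows


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def sustained_peers(flows, min_span_days=30, min_active_days=20, allow=()):
    """Summarise each (internal src, external dst, port) pair and return those
    whose contact spans at least min_span_days with at least min_active_days
    distinct active days. Peers in `allow` (known-good hosts) are skipped.
    Returns {(src, dst, port): summary}."""
    summary = defaultdict(lambda: {"days": set(), "sessions": 0, "bytes": 0,
                                   "first": None, "last": None})
    for ts, src, dst, port, nbytes in flows:
        if not is_internal(src) or is_internal(dst) or dst in allow:
            continue
        s = summary[(src, dst, port)]
        s["days"].add(ts.date())
        s["sessions"] += 1
        s["bytes"] += nbytes
        if s["first"] is None or ts < s["first"]:
            s["first"] = ts
        if s["last"] is None or ts > s["last"]:
            s["last"] = ts
    hits = {}
    for key, s in summary.items():
        span = (s["last"].date() - s["first"].date()).days + 1
        if span >= min_span_days and len(s["days"]) >= min_active_days:
            hits[key] = {"first": s["first"].date().isoformat(),
                         "last": s["last"].date().isoformat(),
                         "span_days": span, "active_days": len(s["days"]),
                         "sessions": s["sessions"], "bytes": s["bytes"]}
    return hits


if __name__ == "__main__":
    flows = build_sample_flows()
    for key, info in sustained_peers(flows, allow={RELAY_HOST}).items():
        print(key, info)
```

Run as a script, the only pair that surfaces is the mail server talking to the hypothetical C2 on 443: 43 active days out of a 43-day span, a little under 2 KB per session. The per-day deliveries to many different MX hosts never accumulate enough span to register. Drop the allow-list and the legitimate relay appears alongside the C2, which is exactly the caveat the report makes: metadata shows persistence, not compromise, and a finding like this still has to be confirmed on the host or in the traffic payload.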
PupyRAT is an open-source remote access tool generally used by organizations
as a "red team" tool, but Insikt Group noted it has previously been used by
Iranian groups, including APT33 and Cobalt Gypsy.
“attacker is, the targeting of a mail server at a high-value critical
infrastructure organization could give an adversary access to sensitive
information on energy allocation and resourcing in Europe,” the report said.
The researchers pointed out that the possible PupyRAT intrusion of the mail
server predated the recent tensions between the United States and Iran,
indicating the activity is likely part of an ongoing cyberespionage campaign
aimed at the European energy sector.