A newly discovered threat group named SandroRat is targeting Italian corporate networks.
The group is focused on the energy, military, and aerospace sectors.
The group deploys phishing attacks with malicious Word documents that execute a series of scripts designed to evade detection and ultimately deploy a backdoor dubbed SandroRat.
-
SandroRat is a modular remote access trojan that is capable of malicious functions such as:
- capturing screenshots,
- exfiltrating data,
- and executing arbitrary code.
- The attackers are exploiting a recently disclosed Microsoft Exchange Server vulnerability to gain initial access to the target's network.
- Security researchers have recommended utilizing multi-factor authentication and regular security awareness training.
