9002 RAT Description
In 2018, a hacking operation called 'Operation Red Signature' was carried out against several large corporations located in South Korea. One hacking tool made the operation possible: the 9002 RAT (Remote Access Trojan). Operation Red Signature was a supply chain attack, which means that instead of targeting the users directly, the hackers infiltrated a piece of software used by the victims and used its update mechanism to spread their threat. This makes it much more difficult for victims to spot that something is wrong, because they assume that an update provided by software they already use is safe and trustworthy.
It is important to note that instead of delivering their fake update to all available users, the attackers chose to apply a spear phishing method of spreading the 9002 RAT. This means that they chose specific targets by sorting through the IP addresses and infected only those users. Again, this was done to keep the 9002 RAT as inconspicuous as possible: if a large number of people were infected, there would be a much greater chance of someone spotting the 9002 RAT and the attack being halted. The authors of the 9002 RAT went even further to keep it under the radar by setting up a timer. The 9002 RAT was meant to operate only between July 18 and July 31, at which point all its actions would be terminated.
The attackers used the 9002 RAT to deliver a range of other hacking tools to the infiltrated computers. Among them were the DsQuery, DsGet, and SharpHound tools, which are used to explore and collect information about Active Directory objects. An altered version of the Mimikatz software was also used to collect Windows credentials. Other tools dropped on the infected systems were a browser info stealer, a variant of the PlugX RAT, and a hacking tool able to crawl SQL databases and extract passwords from them.
Companies offering software need to be very careful when it comes to security because, as in the case of Operation Red Signature, they can end up taking part in an attack launched against their own loyal customers, and this is absolutely unacceptable.