## THREAT ALERTS

# HACKING THE HACKERS

#### OVERVIEW

**THREAT TYPE:** REMOTE ACCESS TROJAN

**TARGET INDUSTRY:** ANY

**ATTACK GOAL:** TOTAL CONTROL & PROLIFERATION

**IMPACTED GEO:** WORLDWIDE

#### WHAT’S HAPPENING?

Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well-known RAT. The campaign ultimately gives attackers total access to the target machine.

In this writeup, the Nocturnus team presents an analysis of the attacker TTPs and indicators of compromise. During this investigation, we uncovered hundreds of trojanized files and information about the threat actors' infrastructure.

#### KEY OBSERVATIONS & TTPS

» **A Widespread Campaign:** The Nocturnus team has found a widespread hacking campaign that uses the njRat trojan to hijack the victim’s machine, giving the threat actors complete access that can be used for anything from conducting DDoS attacks to stealing sensitive data.

» **Baiting Hackers:** The malware is spreading by turning various hacking tools and other installers into trojans. The threat actors are posting the maliciously modified files on various forums and websites to bait other hackers.

-----